OpenCart 'filemanager.php' Multiple Directory Traversal Vulnerabilities
BID:58582
Info
| Bugtraq ID: | 58582 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1891 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2013 12:00AM |
| Updated: | Mar 25 2013 07:16AM |
| Credit: | Janek Vind |
| Vulnerable: | OpenCart OpenCart 1.4.9, OpenCart OpenCart 1.5.2.1, OpenCart OpenCart 1.5.1.2, OpenCart OpenCart 1.5.1.1, OpenCart OpenCart 1.4.9.1 |
| Not Vulnerable: | |
Discussion
OpenCart is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting the issues can allow an attacker to obtain sensitive information that could aid in further attacks.
OpenCart versions 1.4.7 through 1.5.5.1 are vulnerable.
Exploit / POC
Attackers can exploit these issues through a browser.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- OpenCart Homepage (OpenCart)