Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2018-11495 - Vulnerability Database
Opencart

Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2018-11495

Medium
Reference: CVE-2018-11495
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-11495
Title: Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in adminmodelcatalogdownload.php via admin/index.phproutecatalog/download/edit related to the download_id. For example an attacker can download ../../config.php.