Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Opencart CVE-2024-21519 Vulnerability (CVE-2024-21519) - Vulnerability Database

Opencart CVE-2024-21519 Vulnerability (CVE-2024-21519)

Description

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

References

CVE-2024-21519

Related Vulnerabilities

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32731) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7740) Medium
Common tags: Missing Update Known Vulnerabilities
phpMyAdmin CVE-2019-6799 Vulnerability (CVE-2019-6799) Medium
Common tags: Missing Update Known Vulnerabilities
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-6970) High
Common tags: Missing Update Known Vulnerabilities
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975) High
Common tags: Missing Update Known Vulnerabilities

Severity

High

Classification

CVE-2024-21519
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update
Known Vulnerabilities