GHSA-v4j2-cwmm-xg89: Input Validation
First published: Wed Sep 27 2023(Updated: )
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/opencart/opencart | >=4.0.0.0<4.0.2.3 | 4.0.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Path Traversal vulnerability in OpenCart?
The vulnerability ID for this Path Traversal vulnerability in OpenCart is GHSA-v4j2-cwmm-xg89.
What is the severity of GHSA-v4j2-cwmm-xg89?
The severity of GHSA-v4j2-cwmm-xg89 is high with a severity value of 8.1.
Which version of OpenCart is affected by this vulnerability?
OpenCart versions 4.0.0.0 to 4.0.2.2 are affected by this vulnerability.
How can an authenticated user exploit this vulnerability?
An authenticated user with access/modify privilege on the Log component can exploit this vulnerability to empty out arbitrary files on the server.
How can I fix the Path Traversal vulnerability in OpenCart?
To fix the Path Traversal vulnerability in OpenCart, update to version 4.0.2.3 or later.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/github-advisory
- alias/GHSA-v4j2-cwmm-xg89
- alias/CVE-2023-2315
- collector/github-advisory-latest
- package-manager/composer