Summary
This host is running OpenCart and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to upload PHP scripts and include arbitrary files from local resources via directory traversal attacks.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaws are due to
- An input passed via the 'route' parameter to index.php is not properly verified before being used to include files.
- 'admin/controller/catalog/download.php' script does not properly validate uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with an appended '.jpg' file extension.
Affected
OpenCart version 1.5.2.1 and prior
References
Severity
Classification
-
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Ampache Reflected Cross Site Scripting Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- AMSI 'file' Parameter Directory Traversal Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability