Description
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2015-4755 Vulnerability (CVE-2015-4755)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1832)
WordPress Plugin GarageSale Cross-Site Scripting (1.2.2)
WordPress Plugin WordPress WP-Advanced-Search Cross-Site Request Forgery (3.3.8)
WordPress Plugin WP Spell Check Cross-Site Request Forgery (7.1.9)