GSA_kwCzR0hTQS12NGoyLWN3bW0teGc4Oc4AA2EH

High EPSS: 0.00273% (0.50468 Percentile) EPSS:

Permalink JSON

OpenCart Path Traversal vulnerability

Affected Packages	Affected Versions	Fixed Versions
packagist:opencart/opencart	>= 4.0.0.0, < 4.0.2.3	4.0.2.3
12 Dependent packages 15 Dependent repositories 35,114 Downloads total Affected Version Ranges All affected versions All unaffected versions

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-2315
https://github.com/opencart/opencart/commit/0a8dd91e385f70e42795380009fd644224c1bc97
https://starlabs.sg/advisories/23/23-2315/
https://github.com/opencart/opencart/releases/tag/4.0.2.3
https://github.com/advisories/GHSA-v4j2-cwmm-xg89

Identifiers

GHSA-v4j2-cwmm-xg89

CVE-2023-2315

Risk

Severity

High

EPSS

EPSS Percentage: 0.00273

EPSS Percentile: 0.50468

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/opencart/opencart

Date and time

Published

almost 2 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories