Vulnerability Details CVE-2018-11494
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.9%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 6.0
References
Products affected by CVE-2018-11494
-
cpe:2.3:a:opencart:opencart:1.5.5.1
-
cpe:2.3:a:opencart:opencart:1.5.6
-
cpe:2.3:a:opencart:opencart:1.5.6.1
-
cpe:2.3:a:opencart:opencart:1.5.6.2
-
cpe:2.3:a:opencart:opencart:1.5.6.3
-
cpe:2.3:a:opencart:opencart:1.5.6.4
-
cpe:2.3:a:opencart:opencart:2.0.0.0
-
cpe:2.3:a:opencart:opencart:2.0.1.0
-
cpe:2.3:a:opencart:opencart:2.0.1.1
-
cpe:2.3:a:opencart:opencart:2.0.2.0
-
cpe:2.3:a:opencart:opencart:2.0.3.0
-
cpe:2.3:a:opencart:opencart:2.0.3.1
-
cpe:2.3:a:opencart:opencart:2.1.0.0
-
cpe:2.3:a:opencart:opencart:2.1.0.1
-
cpe:2.3:a:opencart:opencart:2.1.0.2
-
cpe:2.3:a:opencart:opencart:2.2.0.0
-
cpe:2.3:a:opencart:opencart:2.3.0.0
-
cpe:2.3:a:opencart:opencart:2.3.0.1
-
cpe:2.3:a:opencart:opencart:2.3.0.2
-
cpe:2.3:a:opencart:opencart:3.0.0.0
-
cpe:2.3:a:opencart:opencart:3.0.0.2
-
cpe:2.3:a:opencart:opencart:3.0.1.0
-
cpe:2.3:a:opencart:opencart:3.0.1.1
-
cpe:2.3:a:opencart:opencart:3.0.1.2
-
cpe:2.3:a:opencart:opencart:3.0.2.0