oss-sec mailing list archives
CVE request: OpenCart filemanager.php parameter traversal arbitrary file access
From: Henri Salo <henri () nerv fi>
Date: Sat, 23 Mar 2013 14:19:22 +0200
Hello Kurt and list members, Can we assign CVE identifier for security vulnerability in OpenCart, thanks. References: http://www.waraxe.us/advisory-98.html http://osvdb.org/91500 http://seclists.org/fulldisclosure/2013/Mar/176 Credits: Janek Vind "waraxe" Advisory ID: waraxe-2013-SA#098 Disclosure date: 2013-03-19 Status: not fixed in upstream CVSSv2 Base Score = 5.0 Affected (from advisory) are all OpenCart versions, from 1.4.7 to 1.5.5.1, maybe older too. Janek confirmed he has not requested CVE yet. I will contact OpenCart again later today and ask status for the fix. -- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Henri Salo (Mar 23)
- Re: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access Kurt Seifried (Mar 23)