oss-sec mailing list archives

CVE request: OpenCart filemanager.php parameter traversal arbitrary file access


From: Henri Salo <henri () nerv fi>
Date: Sat, 23 Mar 2013 14:19:22 +0200

Hello Kurt and list members,

Can we assign a CVE identifier for a security vulnerability in OpenCart? Thanks.

References:
http://www.waraxe.us/advisory-98.html
http://osvdb.org/91500
http://seclists.org/fulldisclosure/2013/Mar/176

Credits: Janek Vind "waraxe"
Advisory ID: waraxe-2013-SA#098
Disclosure date: 2013-03-19
Status: not fixed in upstream
CVSSv2 Base Score = 5.0
Affected (from advisory) are all OpenCart versions, from 1.4.7 to 1.5.5.1, maybe
older too.

Janek confirmed he has not requested a CVE yet. I will contact OpenCart again
later today and ask about the status of the fix.

--
Henri Salo
