CVE-2024-21519 - OpenCVE

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Opencart	Opencart

Configuration 1 [-]

cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2024-06-22T05:00:04.894Z

Updated: 2024-06-27T12:40:12.894Z

Reserved: 2023-12-22T12:33:20.120Z

Link: CVE-2024-21519

JSON object: View

NVD Information

Status : Modified

Published: 2024-06-22T05:15:11.620

Modified: 2024-06-27T13:15:55.027

Link: CVE-2024-21519

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21519", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-12-22T12:33:20.120Z", "datePublished": "2024-06-22T05:00:04.894Z", "dateUpdated": "2024-06-27T12:40:12.894Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P"}}], "credits": [{"value": "Calum Hutton", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Arbitrary File Creation", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-06-27T12:40:12.894Z"}, "descriptions": [{"value": "This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.\r\r**Note:**\r\rIt is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579"}, {"url": "https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353"}], "affected": [{"product": "opencart/opencart", "versions": [{"version": "4.0.0.0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"affected": [{"vendor": "opencart", "product": "opencart", "cpes": ["cpe:2.3:a:opencart:opencart:4.0.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.0.0.0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T13:47:53.984916Z", "id": "CVE-2024-21519", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T13:49:02.379Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*", "matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD", "versionStartIncluding": "4.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.\r\r**Note:**\r\rIt is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root."}, {"lang": "es", "value": "Esto afecta a las versiones del paquete opencart/opencart desde 4.0.0.0. Se identific\u00f3 un problema de creaci\u00f3n arbitraria de archivos mediante la funcionalidad de restauraci\u00f3n de la base de datos. Al inyectar c\u00f3digo PHP en la base de datos, un atacante con privilegios de administrador puede crear un archivo de copia de seguridad con un nombre de archivo arbitrario (incluida la extensi\u00f3n), dentro de /system/storage/backup. **Nota:** Es menos probable que el archivo creado est\u00e9 disponible en la ra\u00edz web, ya que parte de las recomendaciones de seguridad para la aplicaci\u00f3n sugieren mover la ruta de almacenamiento fuera de la ra\u00edz web."}], "id": "CVE-2024-21519", "lastModified": "2024-06-27T13:15:55.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2024-06-22T05:15:11.620", "references": [{"source": "report@snyk.io", "url": "https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "report@snyk.io", "type": "Secondary"}]}