CVE-2024-21519

{"id": "CVE-2024-21519", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2024-06-22T05:15:11.620", "references": [{"url": "https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353", "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.\r\r**Note:**\r\rIt is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root."}, {"lang": "es", "value": "Esto afecta a las versiones del paquete opencart/opencart desde 4.0.0.0. Se identific\u00f3 un problema de creaci\u00f3n arbitraria de archivos mediante la funcionalidad de restauraci\u00f3n de la base de datos. Al inyectar c\u00f3digo PHP en la base de datos, un atacante con privilegios de administrador puede crear un archivo de copia de seguridad con un nombre de archivo arbitrario (incluida la extensi\u00f3n), dentro de /system/storage/backup. **Nota:** Es menos probable que el archivo creado est\u00e9 disponible en la ra\u00edz web, ya que parte de las recomendaciones de seguridad para la aplicaci\u00f3n sugieren mover la ruta de almacenamiento fuera de la ra\u00edz web."}], "lastModified": "2024-06-27T13:15:55.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60390C89-394D-4A4E-BD1C-C91F57B73CFD", "versionStartIncluding": "4.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}