|
Description
|
|
Janek Vind has discovered two vulnerabilities in OpenCart, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.
1) Input passed via the "route" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
2) The admin/controller/catalog/download.php script does not properly validate uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".jpg" file extension.
Successful exploitation requires catalog/download access permissions.
The vulnerabilities are confirmed in version 1.5.2.1. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
OpenCart 1.x
|
|
|
|
|
|
Solution
|
|
Edit the source code to ensure that input is properly verified. Restrict access to the download folder (e.g. via .htaccess).
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://www.waraxe.us/advisory-84.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
