How severe is CVE-2024-21518?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-21518?

This is classified as CWE-29, which is a common weakness in software security.

CVE-2024-21518 - HIGH Severity | CVSS 7.2

Vulnerability Description

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.

Related Vulnerabilities

CVE-2024-13059

HIGH

CVSS:7.2(High)

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arb...

CWE-292024

CVE-2024-8248

HIGH

CVSS:7.2(High)

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can r...

CWE-292024

CVE-2022-2788

HIGH

CVSS:7.3(High)

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables atta...

CWE-292022

CVE-2024-6139

HIGH

CVSS:7.3(High)

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system an...

CWE-292024

CVE-2024-51534

HIGH

CVSS:7.1(High)

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauth...

CWE-292024

CVE-2023-6021

HIGH

CVSS:7.5(High)

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.any...

CWE-292023