CVE-2024-21519

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-20
View all →

Vulnerability Description

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

Related Vulnerabilities

CVE-2011-3611

HIGH
CVSS:7.2(High)

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.

CWE-202011

CVE-2014-5362

HIGH
CVSS:7.2(High)

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ...

CWE-202014

CVE-2015-2202

HIGH
CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CWE-202015

CVE-2016-3654

HIGH
CVSS:7.2(High)

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote aut...

CWE-202016

CVE-2016-5840

HIGH
CVSS:7.2(High)

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename ...

CWE-202016

CVE-2017-12148

HIGH
CVSS:7.2(High)

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacke...

CWE-202017