GHSA-v4j2-cwmm-xg89

Source

https://github.com/advisories/GHSA-v4j2-cwmm-xg89

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-v4j2-cwmm-xg89/GHSA-v4j2-cwmm-xg89.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-v4j2-cwmm-xg89

Aliases

CVE-2023-2315

Published

2023-09-27T15:30:34Z

Modified

2023-11-01T05:01:10.643539Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

OpenCart Path Traversal vulnerability

Details

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-27T20:16:23Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-20",
        "CWE-22"
    ],
    "nvd_published_at": "2023-09-27T15:18:50Z"
}

References

Affected packages

Packagist / opencart/opencart

Package

Name: opencart/opencart
Purl: pkg:composer/opencart/opencart

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0.0

Fixed

4.0.2.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-v4j2-cwmm-xg89/GHSA-v4j2-cwmm-xg89.json"