CVE-2024-21518

7.2 HIGH

📋 TL;DR

This Zip Slip vulnerability in OpenCart's marketplace installer allows attackers to upload malicious ZIP archives that can extract files to arbitrary locations on the filesystem. Attackers can overwrite existing files or create new files in the web root, potentially leading to remote code execution. This affects OpenCart installations running version 4.0.0.0.

💻 Affected Systems

Products:
  • OpenCart
Versions: 4.0.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to marketplace installer functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Webshell installation allowing persistent access, defacement, or data exfiltration.

🟢 If Mitigated: Limited to file overwrites in web-accessible directories without code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges to access the marketplace installer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.2.3

Vendor Advisory: https://github.com/opencart/opencart/security/advisories/GHSA-9r8q-8h7h-5w5w

Restart Required: No

Instructions:

1. Backup your OpenCart installation and database.
2. Download OpenCart 4.0.2.3 or newer from the official repository.
3. Replace the affected file, upload/admin/controller/marketplace/installer.php, with the patched version.
4. Clear the OpenCart cache.

🔧 Temporary Workarounds

Disable Marketplace Installer (linux)

Temporarily disable the marketplace installer functionality to prevent exploitation.

mv upload/admin/controller/marketplace/installer.php upload/admin/controller/marketplace/installer.php.disabled

Restrict Admin Access (all platforms)

Limit admin panel access to trusted IP addresses only.

Add IP restrictions to .htaccess or the web server configuration for the /admin directory.

🧯 If You Can't Patch

  • Disable the marketplace installer module completely.
  • Implement strict file upload validation and monitoring for ZIP file extraction activities.

🔍 How to Verify

Check if Vulnerable:

Check if OpenCart version is 4.0.0.0 by viewing the version in admin panel or checking system/info.php.

Check Version:

Run from the OpenCart web root. VERSION is defined in index.php (and admin/index.php), not in config.php, so including config.php alone does not expose it:

grep -m1 "define('VERSION'" index.php

Verify Fix Applied:

Verify the installer.php file contains proper path sanitization (check for realpath() usage and directory traversal prevention).
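As an added example (not OpenCart's code and not from this advisory), the realpath()-style path check described above and the strict archive validation listed under the workarounds, written in Python against constructed sample archives; the destination directory /var/www/opencart/extension and the entry names are assumptions:

```python
import io
import os
import tempfile
import zipfile

def zip_slip_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Return archive entries that would be written outside dest_dir: the
    realpath()-style check a patched installer needs ('..', absolute paths, symlinks)."""
    root = os.path.realpath(dest_dir)
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Treat backslashes as separators too; the archive may be unpacked on Windows.
            target = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
            try:
                inside = os.path.commonpath([root, target]) == root
            except ValueError:  # different drive on Windows: certainly outside
                inside = False
            if not inside:
                unsafe.append(name)
    return unsafe

def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Reject the whole archive if any entry traverses; otherwise extract it."""
    unsafe = zip_slip_entries(zip_bytes, dest_dir)
    if unsafe:
        # zipfile.extractall() would silently strip '..' and '/'; an installer
        # should instead refuse and log the upload so the attempt is visible.
        raise ValueError(f"refusing archive with traversal entries: {unsafe}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()

def build_archive(entries: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample archives for this example; not taken from any real extension.
CLEAN_ARCHIVE = build_archive({"admin/controller/extension/module/demo.php": b"<?php\n"})
TRAVERSAL_ARCHIVE = build_archive({
    "admin/controller/extension/module/demo.php": b"<?php\n",
    "../../config.php": b"x",  # '..' traversal out of the destination directory
    "/etc/cron.d/job": b"x",   # absolute path escapes the destination entirely
})

def extract_clean_to_tempdir() -> list[str]:
    return safe_extract(CLEAN_ARCHIVE, tempfile.mkdtemp())
```

Rejecting the archive outright, rather than silently renaming entries, is what gives the log indicators in the next section something to record.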

📡 Detection & Monitoring

Log Indicators:

  • Unusual ZIP file uploads via marketplace installer
  • File extraction to unexpected directories
  • Admin user performing unexpected marketplace installations

Network Indicators:

  • POST requests to /admin/index.php?route=marketplace/installer.install with ZIP payloads

SIEM Query:

source="web_access_logs" AND uri="/admin/index.php" AND query="route=marketplace/installer.install" AND method="POST"
