OpenCart up to and including 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opencart opencart |