OpenCart  CVE-2024-21519, CVE-2024-21518, CVE-2024-21517, CVE-2024-21516, CVE-2024-21515, CVE-2024-21514 

June 23, 2024

On June 22, 2024, multiple critical vulnerabilities were discovered in OpenCart platforms. These vulnerabilities pose significant risks to users and highlight the importance of timely updates and security measures.

CVE-2024-21519: Arbitrary File Creation in OpenCart

The first vulnerability, CVE-2024-21519, affects versions of OpenCart from 4.0.0.0. This vulnerability is related to the database restoration functionality in OpenCart. An attacker with admin privileges can inject PHP code into the database and create a backup file with an arbitrary filename, including the extension, within the /system/storage/backup directory. While it is less likely for the created file to be available within the web root, this vulnerability still poses a significant risk if not addressed promptly.

CVE-2024-21518: Zip Slip in OpenCart Marketplace Installer

The second vulnerability, CVE-2024-21518, affects versions of OpenCart from 4.0.0.0. This vulnerability is related to the marketplace installer in OpenCart. Due to improper sanitization of the target path, files within a malicious archive can traverse the filesystem and be extracted to arbitrary locations. This allows an attacker to create arbitrary files in the web root of the application and overwrite existing files. This vulnerability is particularly dangerous as it can be exploited to gain unauthorized access to sensitive data.

CVE-2024-21517: Reflected XSS in OpenCart Customer Account/Login Route

The third vulnerability, CVE-2024-21517, affects versions of OpenCart from 4.0.0.0. This vulnerability is related to the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. This vulnerability is particularly dangerous as it can be used to target and attack customers of the OpenCart shop. The fix for this vulnerability is incomplete, leaving users vulnerable to further attacks.

CVE-2024-21516: Reflected XSS in OpenCart Admin Common/FileManager.List Route

The fourth vulnerability, CVE-2024-21516, affects versions of OpenCart from 4.0.0.0. This vulnerability is related to the directory parameter of the admin common/filemanager.list route. An attacker can obtain a user's token by tricking the user to click on a maliciously crafted URL. If the attacked user has admin privileges, this vulnerability can be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. The fix for this vulnerability is incomplete, leaving users vulnerable to further attacks.

CVE-2024-21515: Reflected XSS in OpenCart Admin Tool/Log Route

The fifth vulnerability, CVE-2024-21515, affects versions of OpenCart from 4.0.0.0. This vulnerability is related to the filename parameter of the admin tool/log route. An attacker can obtain a user's token by tricking the user to click on a maliciously crafted URL. If the attacked user has admin privileges, this vulnerability can be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. The fix for this vulnerability is incomplete, leaving users vulnerable to further attacks.

CVE-2024-21514: SQL Injection in OpenCart Divido Payment Extension

The sixth vulnerability, CVE-2024-21514, affects versions of OpenCart from 0.0.0. This vulnerability is related to the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. An anonymous unauthenticated user can exploit SQL injection to gain unauthorized access to the backend database. This vulnerability poses a significant risk to customer PII data and highlights the importance of timely updates and security measures.

Conclusion

The security vulnerabilities discovered on June 22, 2024, highlight the importance of timely updates and security measures. These vulnerabilities pose significant risks to users and demonstrate the need for robust security practices. It is crucial for users to update their software to the latest versions and implement robust security measures to protect against these vulnerabilities.

References

1. OpenCVE. "Vulnerabilities (CVE) - OpenCVE." OpenCVE, 2024.
2. Security Vulnerability. "OpenCart Reflected XSS Vulnerability Affects Versions 4.0.0.0 and Below." Security Vulnerability, 2024.
3. CVE Feed. "CVE-2024-21517 - This affects versions of the package opencart..." CVE Feed, 2024.
4. CVE Feed. "CVE-2024-21518 - This affects versions of the package opencart..." CVE Feed, 2024.
5. CVE Details. "Security vulnerabilities, CVEs, published in 2024." CVE Details, 2024.