Message-ID: <20130323121922.GA16947@kludge.henri.nerv.fi>
Date: Sat, 23 Mar 2013 14:19:22 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: come2waraxe@...oo.com
Subject: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access
Hello Kurt and list members,
Can we assign a CVE identifier for a security vulnerability in OpenCart? Thanks.
References:
http://www.waraxe.us/advisory-98.html
http://osvdb.org/91500
http://seclists.org/fulldisclosure/2013/Mar/176
Credits: Janek Vind "waraxe"
Advisory ID: waraxe-2013-SA#098
Disclosure date: 2013-03-19
Status: not fixed in upstream
CVSSv2 Base Score = 5.0
Affected (from advisory) are all OpenCart versions, from 1.4.7 to 1.5.5.1, maybe
older too.
Janek confirmed he has not requested a CVE yet. I will contact OpenCart again
later today and ask about the status of the fix.
--
Henri Salo