Description
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1158)
WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)
MySQL CVE-2022-21367 Vulnerability (CVE-2022-21367)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3230)