Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1891)

Description

In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.

Remediation

References

Related Vulnerabilities

WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (3.3.4)

WordPress Plugin Events by Devllo Cross-Site Scripting (1.0.4.2)

Apache HTTP Server Other Vulnerability (CVE-2001-0042)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2561)

WordPress 4.0.x Cross-Domain Flash Injection Vulnerability (4.0 - 4.0.21)

Severity

Medium

Classification

CVE-2013-1891 CWE-22 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities