Description
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2011-2257 Vulnerability (CVE-2011-2257)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0793)
Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)
WordPress Plugin WP Simple Spreadsheet Fetcher for Google Cross-Site Request Forgery (0.3.6)
Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)