Description
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
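A containment check of the kind that rejects the `../../config.php` case described above, as an added PHP example (not OpenCart's code and not its fix). The function name, its parameters and the temporary directory layout are assumptions constructed for illustration.

```php
<?php
// Added example, not OpenCart code. $baseDir (download storage directory) and
// $storedName (filename taken from the download record) are hypothetical names.
function resolve_download_path(string $baseDir, string $storedName): ?string
{
    // Empty names and embedded NUL bytes are never valid filenames.
    if ($storedName === '' || strpos($storedName, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $storedName);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare against the base WITH a trailing separator, so a sibling such as
    // ".../download_old" cannot pass as being inside ".../download".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo layout in a temp directory (not OpenCart's real layout).
$root = sys_get_temp_dir() . '/oc_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/storage/download', 0700, true);
mkdir($root . '/storage/download_old', 0700, true);
file_put_contents($root . '/config.php', "<?php // constructed placeholder\n");
file_put_contents($root . '/storage/download/manual.pdf', 'demo');
file_put_contents($root . '/storage/download_old/x.txt', 'demo');

$downloadDir = $root . '/storage/download';
foreach (['manual.pdf', '../../config.php', '../download_old/x.txt'] as $name) {
    $path = resolve_download_path($downloadDir, $name);
    echo str_pad($name, 26), $path === null ? 'rejected' : 'served', PHP_EOL;
}
```

The check runs at the point where the file is opened, so it holds even if a traversal sequence was already stored in the database by an earlier edit.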
Remediation
References