Date: Sat, 23 Mar 2013 14:19:22 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: come2waraxe@...oo.com
Subject: CVE request: OpenCart filemanager.php parameter traversal arbitrary file access

Hello Kurt and list members,

Can we assign a CVE identifier for a security vulnerability in OpenCart? Thanks.

References:
http://www.waraxe.us/advisory-98.html
http://osvdb.org/91500
http://seclists.org/fulldisclosure/2013/Mar/176

Credits: Janek Vind "waraxe"
Advisory ID: waraxe-2013-SA#098
Disclosure date: 2013-03-19
Status: not fixed in upstream
CVSSv2 Base Score = 5.0

Affected (from advisory) are all OpenCart versions, from 1.4.7 to 126.96.36.199, maybe older too.

Janek confirmed he has not requested a CVE yet. I will contact OpenCart again later today and ask about the status of the fix.

--
Henri Salo