The vulnerability stems from improper input sanitization during profile image upload and storage. Exploitation depends on two components: 1) a controller function (User::upload) that accepts malicious filenames without XSS filtering, and 2) a model function (User::editUser) that persists the unsanitized filename. When the profile image is displayed in templates (e.g., user_form.tpl), the filename is output unescaped and the payload executes. While the exact code isn't available, OpenCart's architecture and the attack vector strongly implicate these core user management functions as the vulnerable components.
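
The two controls this analysis points to, sketched as an added example (not OpenCart's code): the function names, the extension allow-list and the `/image/profile/` base URL are hypothetical, and the sample filename is constructed. One helper replaces the client-supplied filename before it is persisted, the other escapes the stored value when it is rendered.

```php
<?php
// Added example: hypothetical helpers, not taken from OpenCart.

const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Store-time control: never persist the client-supplied name.
// Generate a random server-side name and keep only an allow-listed extension.
function storedImageName(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new InvalidArgumentException('unsupported image extension');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Render-time control: URL-encode the path segment, then escape for the
// HTML attribute context, so a legacy row that still holds a raw filename
// is emitted as inert text instead of markup.
function imageTag(string $baseUrl, string $storedName): string
{
    $src = $baseUrl . rawurlencode($storedName);
    return '<img src="'
        . htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '" alt="">';
}

// Constructed sample input: a filename carrying markup characters.
$clientName = 'avatar"><i>x.png';

// New uploads: the markup never reaches the database.
$safeName = storedImageName($clientName);
echo $safeName, PHP_EOL;                                  // 32 hex chars + ".png"
echo imageTag('/image/profile/', $safeName), PHP_EOL;

// Legacy rows: output encoding neutralises a raw name that is already stored.
echo imageTag('/image/profile/', $clientName), PHP_EOL;
// <img src="/image/profile/avatar%22%3E%3Ci%3Ex.png" alt="">
```

Applying both controls matters here: replacing the name at upload protects new records, while escaping at render time covers filenames stored before the fix.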
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| opencart/opencart | composer | = 3.0.3.6 | |