CVE-2021-44111: Path Traversal in S-Cart
4.4
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.19297%
CWE
Published
2/12/2022
Updated
2/3/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
s-cart/s-cart | composer | < 6.7.2 | 6.7.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability occurs in the backup download handler where user-controlled input ('download' parameter) is directly used to build a filesystem path without proper sanitization. The original code checked file existence but didn't validate()
path containment, enabling traversal attacks. The patch added a glob-based whitelist check (in_array($file, $listFiles)
) to restrict access to legitimate backup files
. The AdminBackupController::index
method is explicitly referenced in both the vulnerability report and GitHub issue #102 as the vulnerable endpoint.