Miggo Logo

CVE-2021-44111: Path Traversal in S-Cart

4.4

CVSS Score
3.1

Basic Information

EPSS Score
0.19297%
Published
2/12/2022
Updated
2/3/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
s-cart/s-cartcomposer< 6.7.26.7.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability occurs in the backup download handler where user-controlled input ('download' parameter) is directly used to build a filesystem path without proper sanitization. The original code checked file existence but didn't validate() path containment, enabling traversal attacks. The patch added a glob-based whitelist check (in_array($file, $listFiles)) to restrict access to legitimate backup files. The AdminBackupController::index method is explicitly referenced in both the vulnerability report and GitHub issue #102 as the vulnerable endpoint.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *ir**tory Tr*v*rs*l vuln*r**ility *xists in S-**rt *.* vi* *ownlo** in s*-**min/***kup.

Reasoning

T** vuln*r**ility o**urs in t** ***kup *ownlo** **n*l*r w**r* us*r-*ontroll** input ('*ownlo**' p*r*m*t*r) is *ir**tly us** to *uil* * *il*syst*m p*t* wit*out prop*r s*nitiz*tion. T** ori*in*l *o** ****k** *il* *xist*n** *ut *i*n't `v*li**t*()` p*t*