
CVE-2024-21518: Zip slip in opencart

CVSS Score: 7.2 (CVSS 3.1)

Basic Information

EPSS Score: 0.43427%
Published: 6/22/2024
Updated: 8/4/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package Name: opencart/opencart
Ecosystem: composer
Vulnerable Versions: >= 4.0.0.0
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

The vulnerability manifests in the marketplace installer's ZIP processing. Multiple references point to line 383 in installer.php where extraction occurs. Zip Slip vulnerabilities typically occur when using ZipArchive::extractTo() or similar methods without validating entry names. The PoC demonstrates exploitation through this endpoint, and OpenCart's lack of path normalization/sanitization before extraction enables traversal. The high confidence comes from direct advisory references to this file/location and the attack pattern matching classic Zip Slip scenarios.
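
The entry-name validation that the analysis describes as missing, as an added example that is not OpenCart's code or its patch: every entry name is checked before anything is written, and one unsafe name rejects the whole archive. The function names, temp paths and sample archive are constructed for illustration.

```php
<?php
// Added example (PHP 8+), not OpenCart's code; function names are hypothetical.

/** True only if a ZIP entry name cannot leave the extraction root. */
function isSafeEntryName(string $name): bool
{
    $name = str_replace('\\', '/', $name);   // treat Windows separators like '/'
    if ($name === '' || str_contains($name, "\0")
        || $name[0] === '/' || preg_match('#^[A-Za-z]:#', $name) === 1) {
        return false;   // empty, NUL byte, absolute path or drive letter
    }
    // Reject any ".." segment; a file literally named "a..b" is still allowed.
    return !in_array('..', explode('/', $name), true);
}

/** Validate every entry first, then extract; one bad name rejects the archive. */
function extractArchiveSafely(string $zipPath, string $destDir): int
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    try {
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !isSafeEntryName($name)) {
                throw new RuntimeException('unsafe entry: ' . var_export($name, true));
            }
        }
        if (!$zip->extractTo($destDir)) {
            throw new RuntimeException("extraction failed into $destDir");
        }
        return $zip->numFiles;
    } finally {
        $zip->close();
    }
}
// Constructed sample archive: one normal entry and one traversal entry.
$tmp = sys_get_temp_dir() . '/zipslip_demo_' . bin2hex(random_bytes(4));
mkdir("$tmp/out", 0700, true);
$sample = new ZipArchive();
$sample->open("$tmp/sample.zip", ZipArchive::CREATE);
$sample->addFromString('upload/readme.txt', 'ok');
$sample->addFromString('../../escaped.txt', 'must never be written');
$sample->close();
try {
    extractArchiveSafely("$tmp/sample.zip", "$tmp/out");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because validation runs over all entries before extraction starts, a rejected archive leaves nothing half-written in the destination directory.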

WAF Protection Rules

WAF Rule

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem …
