{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T19:42:11.546","vulnerabilities":[{"cve":{"id":"CVE-2024-21519","sourceIdentifier":"report@snyk.io","published":"2024-06-22T05:15:11.620","lastModified":"2024-11-21T08:54:36.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.\r\r**Note:**\r\rIt is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root."},{"lang":"es","value":"Esto afecta a las versiones del paquete opencart/opencart desde 4.0.0.0. Se identificó un problema de creación arbitraria de archivos mediante la funcionalidad de restauración de la base de datos. Al inyectar código PHP en la base de datos, un atacante con privilegios de administrador puede crear un archivo de copia de seguridad con un nombre de archivo arbitrario (incluida la extensión), dentro de /system/storage/backup. **Nota:** Es menos probable que el archivo creado esté disponible en la raíz web, ya que parte de las recomendaciones de seguridad para la aplicación sugieren mover la ruta de almacenamiento fuera de la raíz web."}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0.0","matchCriteriaId":"60390C89-394D-4A4E-BD1C-C91F57B73CFD"}]}]}],"references":[{"url":"https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}