CVE-2024-21518: This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper san...

Description

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

14.13%

96.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Opencart	Opencart	>= 4.0.0.0

References

Timeline

Published: Jun 22, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-21518?

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.

How severe is CVE-2024-21518?

CVE-2024-21518 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 14.13% probability of exploitation in the next 30 days.

How do I fix CVE-2024-21518?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.