CVE-2023-2315: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

September 27, 2023

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server

References

github.com/opencart/opencart/commit/0a8dd91e385f70e42795380009fd644224c1bc97
nvd.nist.gov/vuln/detail/CVE-2023-2315
starlabs.sg/advisories/23/23-2315/

Detect and mitigate CVE-2023-2315 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →