VYPR
Medium severity4.9NVD Advisory· Published May 26, 2018· Updated Jun 17, 2026

CVE-2018-11495

CVE-2018-11495

Description

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
opencart/opencartPackagist
<= 3.0.2.0

Affected products

1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.