Medium severity4.9NVD Advisory· Published May 26, 2018· Updated Jun 17, 2026
CVE-2018-11495
CVE-2018-11495
Description
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
opencart/opencartPackagist | <= 3.0.2.0 | — |
Affected products
1Patches
Vulnerability mechanics
References
4- www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-qgrf-34hp-ghm9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-11495ghsaADVISORY
- www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0ghsaWEB
News mentions
0No linked articles in our index yet.