OpenCart Path Traversal Vulnerability in Extension Installer Component

A path traversal vulnerability has been identified in OpenCart version 4.1.0.3, specifically within the extension installer component's installer.php file. This vulnerability allows an authenticated administrator to upload a malicious .ocmod.zip file that exploits improper validation of ZIP entry names. The exploitation can lead to arbitrary file writing outside the designated extension directory, with the potential for remote code execution depending on the server configuration and the location of the written files.

Impact

Exploitation of this vulnerability allows for arbitrary file writing, which could lead to remote code execution, depending on the target path and server configuration.

Reproduction

To reproduce this vulnerability, log into the OpenCart administrator dashboard and navigate to Extensions -> Installer. Upload a crafted .ocmod.zip package that includes a valid install.json file and archive entries designed to exploit the path traversal vulnerability by including traversal sequences. Once the package is uploaded, click Install and observe that the installation process does not reject the invalid archive paths, allowing the exploitation to occur.