CVSS 3.1 Score 7.2 of 10 (high)


Published Jun 22, 2024
Updated: Jun 24, 2024


CVE-2024-21518 is a vulnerability that affects versions of the package opencart/opencart from This vulnerability, known as Zip Slip, allows an attacker to traverse the file system and extract files to arbitrary locations by exploiting the improper sanitization of the target path in the marketplace installer. As a result, an attacker can create malicious files in the web root of the application and overwrite existing files. The base severity of this vulnerability is rated as HIGH, with a base score of 7.2 out of 10. It requires high privileges and has a high impact on both confidentiality and integrity of an organization's system. Remediation for this vulnerability would involve updating to a version that addresses the issue or applying patches provided by the vendor.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-21518 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions