CVE-2023-47444
https://notcve.org/view.php?id=CVE-2023-47444
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data into config.php and admin/config.php, resulting in remote code execution on the underlying server. Exploitation is post-authentication (an administrator account holding that permission is required); the untrusted input is written as PHP source into the configuration files, so it executes the next time they are included.
• https://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444
• CWE-94: Improper Control of Generation of Code ('Code Injection')
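As an added illustration of the CWE-94 pattern this entry describes (not OpenCart's own code or the advisory's material): a hypothetical settings writer that pastes values into PHP source, beside one that only accepts allow-listed constant names, emits values with var_export(), and checks the generated file with token_get_all() before it is installed. The function names, the ALLOWED_KEYS list and the sample values are constructed for this example.

```php
<?php
// Added illustration of the CWE-94 pattern behind CVE-2023-47444. This is
// not OpenCart's code: render_config_*, config_is_declarative and
// ALLOWED_KEYS are hypothetical, and the sample settings are constructed.
declare(strict_types=1);

// Vulnerable writer: each value is pasted into PHP source as raw text. A value
// containing a quote and a close-paren ends the define() call, and whatever
// follows is compiled and executed the next time the file is included.
function render_config_vulnerable(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $name => $value) {
        $out .= "define('" . $name . "', '" . $value . "');\n";
    }
    return $out;
}

// Hardened writer: the constant name must come from a fixed allow-list, the
// value must be a plain scalar without control characters, and it is emitted
// with var_export(), which always yields a single quoted PHP string literal
// with embedded quotes and backslashes escaped.
const ALLOWED_KEYS = ['DB_HOSTNAME', 'DB_USERNAME', 'DB_PASSWORD', 'DB_DATABASE', 'DB_PORT', 'DB_PREFIX'];

function render_config_hardened(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $name => $value) {
        if (!in_array($name, ALLOWED_KEYS, true)) {
            throw new InvalidArgumentException("refusing unknown setting: $name");
        }
        if (!is_string($value) && !is_int($value)) {
            throw new InvalidArgumentException("refusing non-scalar value for $name");
        }
        if (preg_match('/[\x00-\x1f\x7f]/', (string) $value)) {
            throw new InvalidArgumentException("refusing control characters in $name");
        }
        $out .= 'define(' . var_export($name, true) . ', ' . var_export((string) $value, true) . ");\n";
    }
    return $out;
}

// Post-write check: the generated file may contain nothing but define() calls
// with string-literal arguments. Any other token (echo, a function call, a
// comment that swallowed the closing quote) means something broke out.
function config_is_declarative(string $source): bool
{
    $allowed = [T_OPEN_TAG, T_WHITESPACE, T_STRING, T_CONSTANT_ENCAPSED_STRING];
    foreach (token_get_all($source) as $tok) {
        if (is_string($tok)) {
            if (!in_array($tok, ['(', ')', ',', ';'], true)) {
                return false;
            }
        } elseif (!in_array($tok[0], $allowed, true)) {
            return false;
        } elseif ($tok[0] === T_STRING && $tok[1] !== 'define') {
            return false;
        }
    }
    return true;
}

// Constructed input: the second value ends the string and the define() call,
// then adds its own statement. It is harmless here (an echo), but it shows
// that the vulnerable writer turns data into code.
$settings = [
    'DB_HOSTNAME' => 'localhost',
    'DB_PASSWORD' => "x'); echo 'injected'; //",
];

$bad  = render_config_vulnerable($settings);
$good = render_config_hardened($settings);

echo "--- vulnerable writer ---\n", $bad, "\n";
echo "--- hardened writer ---\n", $good, "\n";
echo 'vulnerable output is purely declarative: ', var_export(config_is_declarative($bad), true), "\n";
echo 'hardened output is purely declarative:   ', var_export(config_is_declarative($good), true), "\n";
```

Run with `php example.php`. The vulnerable output contains a second statement after the truncated define(), which the token check rejects; the hardened output carries the same payload as an inert, escaped string literal and passes. In a real settings handler the token check belongs between writing to a temporary file and renaming it over the live config.php, so a rejected write never reaches the running site.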
CVE-2023-2315 – Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2
https://notcve.org/view.php?id=CVE-2023-2315
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. The impact is truncation of attacker-chosen files rather than reading or writing their contents, which is still enough to break an installation by emptying files it depends on.
• https://github.com/opencart/opencart/commit/0a8dd91e385f70e42795380009fd644224c1bc97
• https://starlabs.sg/advisories/23/23-2315
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
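As an added illustration of the CWE-22 pattern behind this entry (not OpenCart's code and not the fix in the referenced commit): a hypothetical "clear log" action that truncates a file named by the request, beside a version that restricts the name to one plain component and verifies the resolved path stays inside the log directory. The function names and the scratch directory layout are constructed for this example.

```php
<?php
// Added illustration of the CWE-22 pattern behind CVE-2023-2315: a "clear
// log" action that truncates a file named by the request. Not OpenCart's
// code; clear_log_* and the temporary directory layout are constructed.
declare(strict_types=1);

// Vulnerable handler: the request-supplied name is appended to the log
// directory unchanged, so "../config.php" walks out of it and is emptied.
function clear_log_vulnerable(string $dirLogs, string $filename): void
{
    file_put_contents($dirLogs . $filename, '');
}

// Hardened handler: accept a single plain file name, resolve it, and refuse
// anything that does not land inside the log directory as a regular file.
function clear_log_hardened(string $dirLogs, string $filename): bool
{
    // One path component from a conservative charset: no separators, no dots
    // in the stem (so no ".."), and only the expected extension.
    if ($filename !== basename($filename) || !preg_match('/\A[A-Za-z0-9_-]+\.log\z/', $filename)) {
        return false;
    }
    // Canonicalise both sides so symlinks and "./" are resolved before the
    // containment check. realpath() returns false for a missing target.
    $base = realpath($dirLogs);
    $target = realpath($dirLogs . DIRECTORY_SEPARATOR . $filename);
    if ($base === false || $target === false || !is_file($target)) {
        return false;
    }
    if (!str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        return false;
    }
    return file_put_contents($target, '') !== false;
}

// Constructed layout: <tmp>/config.php next to <tmp>/logs/error.log, the
// same shape as a config file sitting one level above a log directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logdemo_' . getmypid();
mkdir($root . '/logs', 0700, true);
$config = "<?php define('DB_PASSWORD', 'secret');\n";
file_put_contents($root . '/config.php', $config);
file_put_contents($root . '/logs/error.log', "2023-01-01 12:00:00 - boot\n");
$dirLogs = $root . '/logs/';

clear_log_vulnerable($dirLogs, '../config.php');
clearstatcache();
printf("vulnerable: after '../config.php', config.php is %d bytes\n", filesize($root . '/config.php'));

file_put_contents($root . '/config.php', $config);   // restore for the second run
printf("hardened: '../config.php' accepted? %s\n", clear_log_hardened($dirLogs, '../config.php') ? 'yes' : 'no');
printf("hardened: 'error.log' accepted?     %s\n", clear_log_hardened($dirLogs, 'error.log') ? 'yes' : 'no');
clearstatcache();
printf("hardened: config.php is %d bytes, error.log is %d bytes\n",
    filesize($root . '/config.php'), filesize($root . '/logs/error.log'));

// Remove the scratch files.
unlink($root . '/config.php');
unlink($root . '/logs/error.log');
rmdir($root . '/logs');
rmdir($root);
```

Run with `php example.php`. The allow-list regex alone would stop this traversal; the realpath() containment check is kept as a second layer because it also catches a log directory that is, or contains, a symlink pointing elsewhere, which a name filter cannot see.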
CVE-2023-40834 – OpenCart CMS 4.0.2.2 Brute Force
https://notcve.org/view.php?id=CVE-2023-40834
OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack against the password parameter.
• https://packetstormsecurity.com/files/174525/OpenCart-CMS-4.0.2.2-Brute-Force.html
• https://www.opencart.com
• CWE-307: Improper Restriction of Excessive Authentication Attempts
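As an added illustration of the control whose absence this entry records (CWE-307), and not OpenCart's code or the advisory's material: a hypothetical login path that charges each failure against both the account and the source address, locks out after a threshold, and resets on success. The LoginThrottle class, the thresholds, the sample user and the guess list are constructed; the counter is an in-memory array here, whereas a deployment keeps it in the database or a cache shared by every PHP worker so the limit holds across requests.

```php
<?php
// Added illustration of the CWE-307 control missing in CVE-2023-40834. Not
// OpenCart's code: LoginThrottle, attempt_login, the thresholds and the
// sample user are constructed for this example. State is an in-memory
// array here; a real deployment stores it in the database or a shared cache.
declare(strict_types=1);

const MAX_FAILURES = 5;       // failures tolerated before lockout
const LOCKOUT_SECONDS = 900;  // lockout window once the threshold is hit

final class LoginThrottle
{
    /** @var array<string, array{count: int, until: int}> */
    private array $state = [];

    /** @return string[] both keys an attempt is charged against */
    private function keys(string $username, string $ip): array
    {
        return ['user:' . strtolower($username), 'ip:' . $ip];
    }

    public function isLocked(string $username, string $ip, int $now): bool
    {
        foreach ($this->keys($username, $ip) as $k) {
            $s = $this->state[$k] ?? null;
            if ($s !== null && $s['count'] >= MAX_FAILURES && $s['until'] > $now) {
                return true;
            }
        }
        return false;
    }

    public function recordFailure(string $username, string $ip, int $now): void
    {
        foreach ($this->keys($username, $ip) as $k) {
            $s = $this->state[$k] ?? ['count' => 0, 'until' => 0];
            if ($s['until'] <= $now) {          // previous window expired: start over
                $s = ['count' => 0, 'until' => 0];
            }
            $s['count']++;
            $s['until'] = $now + LOCKOUT_SECONDS;
            $this->state[$k] = $s;
        }
    }

    public function recordSuccess(string $username, string $ip): void
    {
        foreach ($this->keys($username, $ip) as $k) {
            unset($this->state[$k]);
        }
    }
}

// A real hash to verify unknown users against, so response time does not
// reveal whether an account exists.
define('DUMMY_HASH', password_hash('not-a-real-password', PASSWORD_DEFAULT));

/** @param array<string, string> $users username => password_hash() output */
function attempt_login(LoginThrottle $t, array $users, string $username, string $password, string $ip, int $now): string
{
    if ($t->isLocked($username, $ip, $now)) {
        return 'locked';                        // rejected before the password is checked
    }
    $known = array_key_exists($username, $users);
    $ok = password_verify($password, $known ? $users[$username] : DUMMY_HASH) && $known;
    if ($ok) {
        $t->recordSuccess($username, $ip);
        return 'ok';
    }
    $t->recordFailure($username, $ip, $now);
    return 'bad credentials';
}

// Constructed walk-through: five wrong guesses, then the right password while
// locked out, then the right password again after the window has passed.
$users = ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
$t = new LoginThrottle();
$ip = '203.0.113.7';   // documentation address
$now = time();

$guesses = ['admin', 'password', '123456', 'opencart', 'letmein', 'correct horse battery staple'];
foreach ($guesses as $i => $pw) {
    printf("t+%4ds  %-30s -> %s\n", $i, $pw, attempt_login($t, $users, 'admin', $pw, $ip, $now + $i));
}
$later = $now + LOCKOUT_SECONDS + 10;
printf("t+%4ds  %-30s -> %s\n", $later - $now, 'correct horse battery staple',
    attempt_login($t, $users, 'admin', 'correct horse battery staple', $ip, $later));
```

Run with `php example.php`. Keying on both the account and the address matters: a per-address limit alone is defeated by rotating source IPs, and a per-account limit alone lets an attacker lock legitimate users out on purpose, so the account-side lockout is usually paired with a notification or a CAPTCHA step rather than a hard deny.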