Description

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

Remediation

References

CVE-2023-47444

Related Vulnerabilities

WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.25)

WordPress Plugin Realty by BestWebSoft Cross-Site Scripting (1.0.9)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2221)

Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)

Severity

High

Classification

CVE-2023-47444 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities