Description
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Remediation
References
Related Vulnerabilities
WordPress Plugin Loginizer Multiple Vulnerabilities (1.3.5)
MySQL CVE-2020-2925 Vulnerability (CVE-2020-2925)
OpenSSL Other Vulnerability (CVE-2014-3505)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0837)
WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.3.3)