Description
A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
Remediation
References
Related Vulnerabilities
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-9066)
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-10040)
WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.64)
Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)