An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
opencart opencart |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Web storefront maker fixed the flaw, but not before blasting infoseccer
The owner of the e-commerce store management system OpenCart has responded with hostility to a security researcher disclosing a vulnerability in the product. Penetration tester Mattia Brollo brought a static code injection vulnerability to the attention of OpenCart by opening a GitHub issue on October 14, only to be met with numerous dismissive and offensive responses from Daniel Kerr, OpenCart's owner. Before Kerr's involvement, Brollo claims he spent close to a month trying to reach OpenCart v...
Vulmon