Vulnerabilities > Opencart > Opencart > 4.0.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart 4.0.0.0 An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 8.8 |
2023-09-27 | CVE-2023-2315 | Path Traversal vulnerability in Opencart 4.0.0.0 Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server | 8.8 |