CVE-2023-47444

Name of the Vulnerable Software and Affected Versions OpenCart versions 4.0.0.0 through 4.0.2.3

Description The issue allows authenticated backend users with common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. This can be exploited by a remote attacker to execute arbitrary code on the server.

Recommendations For OpenCart versions 4.0.0.0 through 4.0.2.3, consider disabling the write privilege for common/security to prevent exploitation until a patch is available. Restrict access to the config.php and admin/config.php files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.