PT-2023-18859 · Opencart · Opencart

Chocologicall +1 · Published 2023-09-25 · Updated 2024-11-10 · CVE-2023-2315

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenCart versions 4.0.0.0 through 4.0.2.2

Description: The issue allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. This is due to a path traversal vulnerability.

Recommendations: For OpenCart versions 4.0.0.0 through 4.0.2.2, consider disabling access to the Log component for users with modify privileges until a patch is available. Restrict access to sensitive files on the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
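The defensive pattern that closes this class of bug is to treat the log file name as an untrusted selector: accept only a plain file name, resolve it against a fixed log directory, and verify that the canonical path still lies inside that directory before the file is touched. The PHP below is an added illustration of that check and is not OpenCart's code; the function names, the `$logDir` parameter and the temporary files it operates on are assumptions made for the example.

```php
<?php
// Added example (not OpenCart's code): resolve a user-supplied log file name
// strictly inside a fixed log directory before truncating it.

declare(strict_types=1);

/**
 * Return the absolute path of $requested inside $logDir, or null if the
 * name is invalid or would resolve to a file outside $logDir.
 */
function resolveLogFile(string $logDir, string $requested): ?string
{
    // Accept only a plain file name: no separators, no NUL bytes, no odd characters.
    if ($requested === '' || !preg_match('/\A[A-Za-z0-9._-]+\z/', $requested)) {
        return null;
    }
    // "." and ".." pass the character check above, so reject them explicitly.
    if ($requested === '.' || $requested === '..') {
        return null;
    }

    $base = realpath($logDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // realpath() canonicalises the candidate and follows symlinks, so a link
    // inside the log directory that points elsewhere is rejected as well.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false) {
        return null;
    }

    // The canonical path must start with "<log dir>/" and be a regular file.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0 || !is_file($real)) {
        return null;
    }
    return $real;
}

/**
 * Truncate the log file selected by $requested. Returns true on success and
 * false (after logging the rejected name) when the check fails.
 * $logDir is assumed to be the application's dedicated log directory.
 */
function clearLogFile(string $logDir, string $requested): bool
{
    $path = resolveLogFile($logDir, $requested);
    if ($path === null) {
        error_log("rejected log clear request for '" . $requested . "'");
        return false;
    }
    $fh = fopen($path, 'w'); // opening for write truncates the file to zero bytes
    if ($fh === false) {
        return false;
    }
    fclose($fh);
    return true;
}

// Self-contained demonstration on constructed temporary files.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logdemo_' . bin2hex(random_bytes(4));
mkdir($tmp, 0700);
file_put_contents($tmp . DIRECTORY_SEPARATOR . 'error.log', "line 1\nline 2\n");
$outside = tempnam(sys_get_temp_dir(), 'outside_'); // a file that must not be reachable
file_put_contents($outside, "must survive\n");

echo 'clear error.log: ', clearLogFile($tmp, 'error.log') ? 'ok' : 'rejected', PHP_EOL;
clearstatcache();
echo 'error.log size now: ', filesize($tmp . DIRECTORY_SEPARATOR . 'error.log'), PHP_EOL;
echo 'clear ../<outside>: ', clearLogFile($tmp, '../' . basename($outside)) ? 'ok' : 'rejected', PHP_EOL;
echo 'clear <outside> by bare name: ', clearLogFile($tmp, basename($outside)) ? 'ok' : 'rejected', PHP_EOL;
echo 'outside file content: ', file_get_contents($outside);

// Clean up the constructed files.
unlink($tmp . DIRECTORY_SEPARATOR . 'error.log');
rmdir($tmp);
unlink($outside);
```

The two checks are deliberately redundant: the character whitelist rejects traversal sequences and separators up front, and the `realpath()` prefix comparison catches anything the whitelist might miss, including symlinks placed inside the log directory. Pairing this with the advisory's own recommendation (limiting who holds modify permission on the Log component) keeps a privileged account from being able to truncate anything but genuine log files.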

Exploit · RCE · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2023-2315
GHSA-V4J2-CWMM-XG89

Affected Products

Opencart