CVE-2023-47444: Code Injection
First published: Wed Nov 15 2023(Updated: )
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenCart | >=4.0.0.0<=4.0.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OpenCart issue?
The vulnerability ID for this OpenCart issue is CVE-2023-47444.
What is the severity of CVE-2023-47444?
The severity of CVE-2023-47444 is high with a severity value of 8.8.
What is the affected software version range for CVE-2023-47444?
The affected software version range for CVE-2023-47444 is OpenCart 4.0.0.0 to 4.0.2.3.
What can an authenticated backend user with common/security write privilege do in CVE-2023-47444?
An authenticated backend user with common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server in CVE-2023-47444.
Is there a reference link for more information about CVE-2023-47444?
Yes, for more information about CVE-2023-47444, you can refer to the following link: [OpenCart CVE-2023-47444](https://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444/)
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/opencart
- canonical/opencart
- version/opencart/4.0.0.0
- version/opencart/4.0.2.3