CVE-2023-47444: Improper Control of Generation of Code ('Code Injection')

November 15, 2023 (updated November 21, 2023)

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

References

0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444/
nvd.nist.gov/vuln/detail/CVE-2023-47444

Code Behaviors & Features

Detect and mitigate CVE-2023-47444 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →