exploitDog

CVE-2024-36694

Опубликовано: 18 дек. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.

Ссылки

https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md
Exploit
Third Party Advisory
https://github.com/PawaritSanguanpang/CVEs/blob/main/OpenCart/CVE-2024-36694/README.md
Exploit
Third Party Advisory
https://github.com/opencart/opencart/issues/13863
Issue Tracking
Vendor Advisory
https://github.com/opencart/opencart/releases/tag/4.0.2.3
Product
https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9
Exploit
Third Party Advisory
https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencart:opencart:4.0.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00594

Низкий

7.2 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-xrh7-2gfq-4rcq

CVSS3: 8

github

больше 1 года назад

openCart Server-Side Template Injection (SSTI) vulnerability

EPSS

Процентиль: 69%

0.00594

Низкий

7.2 High

CVSS3

Дефекты

CWE-94