CVE-2024-36694
7.2 HIGH
Published: 12/18/2024
Updated: 4/22/2025
Description
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.
Affected Products
opencart / opencart 4.0.2.3
References
- https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md (Exploit, Third Party Advisory)
- https://github.com/PawaritSanguanpang/CVEs/blob/main/OpenCart/CVE-2024-36694/README.md (Exploit, Third Party Advisory)
- https://github.com/opencart/opencart/issues/13863 (Issue Tracking, Vendor Advisory)
- https://github.com/opencart/opencart/releases/tag/4.0.2.3 (Product)
- https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9 (Exploit, Third Party Advisory)