CVE-2023-40834

OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:opencart:opencart:4.0.2.2:*:*:*:*:*:*:*

History

08 Mar 2024, 16:15

Type Values Removed Values Added
Summary (en) OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack. (en) OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.

08 Mar 2024, 13:15

Type Values Removed Values Added
Summary (en) OpenCart v4.0.2.2 is vulnerable to Brute Force Attack. (en) OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack.

14 Sep 2023, 00:45

Type Values Removed Values Added
CPE cpe:2.3:a:opencart:opencart:4.0.2.2:*:*:*:*:*:*:*
CWE CWE-307
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://packetstormsecurity.com/files/174525/OpenCart-CMS-4.0.2.2-Brute-Force.html - (MISC) https://packetstormsecurity.com/files/174525/OpenCart-CMS-4.0.2.2-Brute-Force.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://www.opencart.com/ - (MISC) https://www.opencart.com/ - Product
First Time Opencart
Opencart opencart

12 Sep 2023, 14:47

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-12 14:15

Updated : 2024-03-08 16:15


NVD link : CVE-2023-40834

Mitre link : CVE-2023-40834

CVE.ORG link : CVE-2023-40834


JSON object : View

Products Affected

opencart

  • opencart
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts