Brute Force Vulnerability in OpenCart CMS by OpenCart
CVE-2023-40834

9.8CRITICAL

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 12 September 2023

Summary

OpenCart CMS v4.0.2.2 has been identified as vulnerable due to an inadequate safeguard on its login page against multiple login attempts. This flaw permits unauthenticated attackers to exploit the system through brute force strategies aimed at the password entry field, potentially compromising user accounts and sensitive data. Mitigating such risks requires implementing rate limiting and account lockout mechanisms to enhance security against unauthorized access attempts.

References

https://www.opencart.com/

https://packetstormsecurity.com/files/174525/OpenCart-CMS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 22, 2023