Unrestricted File Upload Vulnerability in Blog Botz for Journal Theme on OpenCart
CVE-2025-0460

Currently unrated

Key Information:

Vendor
OpenCart
CVE Published:
14 January 2025

Summary

A vulnerability exists in Blog Botz for Journal Theme 1.0 on OpenCart, affecting the /index.php?route=extension/module/blog_add functionality. The flaw arises from improper handling of the 'image' parameter, which enables unauthorized file uploads. It can be exploited remotely and poses significant risks of file inclusion and potential code execution. The vendor has been notified, but no response has been received, raising concerns over the timely patching of this vulnerability.

Timeline

  • Vulnerability published

CVE-2025-0460 : Unrestricted File Upload Vulnerability in Blog Botz for Journal Theme on OpenCart | SecurityVulnerability.io