See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2023-40834

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 12, 2023

Updated: Mar 8, 2024

CWE ID 307

Summary

CVE-2023-40834 is a vulnerability affecting OpenCart CMS version 4.0.2.2. This issue stems from the absence of a security measure on the login page, leaving it susceptible to brute force attacks. Unauthenticated attackers can exploit this weakness by repeatedly attempting to guess valid login credentials, ultimately gaining unauthorized access to the application through the password parameter. This vulnerability poses a significant risk and underscores the importance of implementing robust authentication mechanisms to protect against brute force attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenCart

Affected Vendors

Opencart

Advisories, Assessments, and Mitigations

Back to Vulnerability Database