Miggo Logo
Miggo Vulnerability Database
CVE-2024-36694

CVE-2024-36694: openCart Server-Side Template Injection (SSTI) vulnerability

8.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-36694
GHSA ID
GHSA-xrh7-2gfq-4rcq
EPSS Score
0.30451%
CWE
CWE-94
Published
7/17/2024
Updated
12/18/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
opencart/opencartcomposer<= 4.0.2.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in two key components:

  1. The Theme Editor controller (design/theme) accepts unsanitized user input and writes it directly to template files. This is evidenced by the PoC where Twig syntax {{7*7}} is stored and later executed.
  2. OpenCart's Twig implementation lacks sandbox mode (as confirmed by the recommended mitigation steps), allowing dangerous functions like 'system' to be called via template filters. The combination of uncontrolled template modification and unsafe template rendering creates an SSTI chain. While the exact line numbers aren't available from sources, the admin theme editor workflow and Twig's role in template execution are clearly implicated based on reproduction steps and CWE-1336 classification.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* S*rv*r-Si** T*mpl*t* Inj**tion (SSTI) vuln*r**ility in t** T**m* **itor *un*tion o* op*n**rt proj**t v*.*.*.* *llows *tt**k*rs to *x**ut* *r*itr*ry *o** vi* inj**tin* * *r**t** p*ylo**.

Reasoning

T** vuln*r**ility m*ni**sts in two k*y *ompon*nts: *. T** T**m* **itor *ontroll*r (**si*n/t**m*) ****pts uns*nitiz** us*r input *n* writ*s it *ir**tly to t*mpl*t* *il*s. T*is is *vi**n*** *y t** Po* w**r* Twi* synt*x {{***}} is stor** *n* l*t*r *x**u