OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.
{ "cpes": [ "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*" ], "severity": "High" }