A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
{
"cwe_ids": [
"CWE-1336",
"CWE-791"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3714.json",
"cna_assigner": "VulDB",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "4.0.2.3"
},
{
"last_affected": "4.0.2.3"
}
],
"source": "AFFECTED_FIELD"
}
]
}