OpenCart Vulnerability Exposed: A Case of Neglected Cybersecurity


In a startling revelation, the e-commerce platform OpenCart was recently at the center of a cybersecurity storm. Mattia Brollo, a skilled penetration tester, uncovered a critical OpenCart vulnerability, which he attempted to report to the platform’s team. The vulnerability, later cataloged as CVE-2023-47444, is a near-critical issue, receiving an 8.8 severity score on the CVSS 3 scale.

Figure: CVSS score rating.

Brollo’s journey in disclosing this OpenCart vulnerability was not straightforward. After struggling to get a response through OpenCart’s official channels, his findings were officially recognized by the National Vulnerability Database on November 10. However, Daniel Kerr, OpenCart’s owner, dismissed the issue as a “non-vulnerability.”

In an alarming turn of events, Kerr responded with hostility to Brollo’s outreach attempts. This exchange escalated on GitHub, where Kerr’s unprofessional responses to Brollo’s hotfix proposal were publicly visible. Despite initially rejecting the fix and offending the cybersecurity community, Kerr eventually merged Brollo’s fix into OpenCart’s master branch.

This incident is not OpenCart’s first brush with cybersecurity challenges. Historical instances dating back to 2012 highlight similar dismissive attitudes towards security concerns, notably in password-hashing practices. The community’s push for secure alternatives was often met with resistance and skepticism from OpenCart’s administration.

Despite its long-standing presence in the market since 2005 and its use by hundreds of thousands of businesses, OpenCart’s approach to cybersecurity has been a point of contention. With competitors like WooCommerce, Shopify, and Squarespace leading the market, OpenCart’s stance on security vulnerabilities, as highlighted by this OpenCart vulnerability disclosure, could impact its market position.

For more insights into the evolving cybersecurity landscape and how businesses can safeguard themselves, visit our Cyber Cogeanu news and blog. Discover similar cases and learn how to protect your digital assets effectively.

Cogeanu Marius

Marius Cogeanu is a distinguished IT consultant and cybersecurity virtuoso based in Prague, Czechia. With a rich 20-year journey in the IT realm, Marius has carved a niche in network security and technological solutions, adeptly harmonizing tech with business requirements. His experience spans from Kyndryl to IBM, and as a valued independent consultant, where he's renowned for his innovative approaches in enhancing business operations with cutting-edge tech.

Marius's forte lies in demystifying complex IT concepts, ensuring clarity and alignment for stakeholders at all levels. His commitment to staying at the forefront of industry trends and seeking innovative solutions cements his status as a go-to expert in cybersecurity. Driven by a fervent passion for technology and its potential to revolutionize businesses, Marius thrives on tackling challenging ventures, applying his prowess in network design, IT service management, and strategic planning.

Currently, Marius is focused on leading-edge IT project management, infrastructure design, and fortifying cybersecurity, guiding clients through the intricate digital landscape with unmatched expertise and insight. Discover more on

