Research: Unrestricted File Upload in BlogBotz OpenCart module

I found an Unrestricted File Upload in the BlogBotz OpenCart module.

This could allow an unauthenticated attacker to gain unauthorised access to the site / hosting infrastructure, for example via a PHP webshell or similar exploit.

Details: https://gist.github.com/mcdruid/28124198128022a1c2b4060f74d99cd6

This was assigned CVE-2025-0460