OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
Max CVSS
4.9
EPSS Score
0.07%
Published
2022-11-03
Updated
2022-12-03
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
Max CVSS
7.2
EPSS Score
0.06%
Published
2023-06-20
Updated
2023-06-27
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
Max CVSS
7.2
EPSS Score
0.09%
Published
2017-08-31
Updated
2017-09-06
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2010-03-10
Updated
2010-06-23
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2009-03-20
Updated
2018-10-10
5 vulnerabilities found