An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Max CVSS
8.8
EPSS Score
0.10%
Published
2023-11-15
Updated
2023-11-21
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
Max CVSS
7.2
EPSS Score
0.06%
Published
2023-06-20
Updated
2023-06-27
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
Max CVSS
8.0
EPSS Score
0.08%
Published
2018-05-26
Updated
2018-06-29
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
Max CVSS
9.8
EPSS Score
2.57%
Published
2018-03-20
Updated
2019-04-25
4 vulnerabilities found