opencart opencart vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-40834
OpenCart CMS v4.0.2.2 lacks a protective mechanism on its login page against excessive login attempts, allowing unauthenticated malicious users to gain access to the application via a brute force attack on the password parameter.
Opencart Opencart 4.0.2.2
9.8
CVSSv3
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe (popup + Regular Module) Project Newsletter Subscribe (popup + Regular Module) 4.0
9.8
CVSSv3
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote malicious user to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deseri...
Skyoftech So Listing Tabs 2.2.0
9.8
CVSSv3
CVE-2014-3990
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and previous versions allows remote malicious users to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted ser...
Opencart Opencart
8.8
CVSSv3
CVE-2023-47444
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Opencart Opencart
2 Github repositories
1 Article
8.8
CVSSv3
CVE-2023-2315
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server.
Opencart Opencart
8.8
CVSSv3
CVE-2018-13067
/upload/catalog/controller/account/password.php in OpenCart up to and including 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
Opencart Opencart
8.1
CVSSv3
CVE-2018-11231
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Divido Divido -
8
CVSSv3
CVE-2018-11494
The "program extension upload" feature in OpenCart up to and including 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows malicious users to execute arbitrary code if the remove step is skipped, because the attacker can discover a sec...
Opencart Opencart
7.5
CVSSv3
CVE-2020-15478
The Journal theme prior to 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Journal-theme Journal