opencart opencart vulnerabilities and exploits
NA
CVE-2023-47444
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Opencart Opencart
2 Github repositories
1 Article
668
VMScore
CVE-2010-0956
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Opencart Opencart 1.3.2
668
VMScore
CVE-2009-1027
SQL injection vulnerability in OpenCart 1.1.8 allows remote malicious users to execute arbitrary SQL commands via the order parameter.
Opencart Opencart 1.1.8
312
VMScore
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
Opencart Opencart 3.0.3.2
2 Github repositories
312
VMScore
CVE-2020-28838
Cross-site request forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows a malicious user to add cart items via Add to cart.
Opencart Opencart 3.0.3.6
312
VMScore
CVE-2020-29471
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image that carries malicious JavaScript code. Whenever anyone views the profile picture, the code executes and the XSS triggers.
Opencart Opencart 3.0.3.6
605
VMScore
CVE-2010-1610
Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote malicious users to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user...
Opencart Opencart 1.4
505
VMScore
CVE-2009-1621
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote malicious users to read arbitrary files via a .. (dot dot) in the route parameter.
Opencart Opencart 1.1.8
1 EDB exploit
312
VMScore
CVE-2020-13980
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is ...
Opencart Opencart 3.0.3.3
445
VMScore
CVE-2011-3763
OpenCart 1.4.9.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.
Opencart Opencart 1.4.9.3