Vulmon
opencart opencart vulnerabilities and exploits
7.2
CVSSv3
CVE-2020-20491
SQL injection vulnerability in OpenCart v.2.2.00 through 3.0.3.2 allows a remote malicious user to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
Opencart Opencart
9.8
CVSSv3
CVE-2023-40834
OpenCart CMS v4.0.2.2 lacks a protective mechanism on its login page against excessive login attempts, allowing unauthenticated malicious users to gain access to the application via a brute force attack on the password parameter.
Opencart Opencart 4.0.2.2
NA
CVE-2009-1027
SQL injection vulnerability in OpenCart 1.1.8 allows remote malicious users to execute arbitrary SQL commands via the order parameter.
Opencart Opencart 1.1.8
4.8
CVSSv3
CVE-2020-29470
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow a malicious user to inject the XSS payload in the Subject field of the mail, and each time any user opens that mail of the website, the XSS triggers and the a...
Opencart Opencart 3.0.3.6
4.8
CVSSv3
CVE-2020-29471
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
Opencart Opencart 3.0.3.6
5.4
CVSSv3
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
Opencart Opencart 3.0.3.2
2 Github repositories
4.9
CVSSv3
CVE-2021-37823
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
Opencart Opencart 3.0.3.7
NA
CVE-2011-3763
OpenCart 1.4.9.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.
Opencart Opencart 1.4.9.3
4.8
CVSSv3
CVE-2020-13980
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is ...
Opencart Opencart 3.0.3.3
3.5
CVSSv3
CVE-2020-28838
Cross Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows a malicious user to add cart items via Add to cart.
Opencart Opencart 3.0.3.6