Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencart opencart vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-11231
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Divido Divido -
9.8
CVSSv3
CVE-2014-3990
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and previous versions allows remote malicious users to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted ser...
Opencart Opencart
7.2
CVSSv3
CVE-2016-10509
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
Opencart Opencart
6.1
CVSSv3
CVE-2015-4671
Cross-site scripting (XSS) vulnerability in OpenCart prior to 2.1.0.2 allows remote malicious users to inject arbitrary web script or HTML via the zone_id parameter to index.php.
Opencart Opencart
NA
CVE-2011-3763
OpenCart 1.4.9.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.
Opencart Opencart 1.4.9.3
NA
CVE-2010-1610
Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote malicious users to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user...
Opencart Opencart 1.4
NA
CVE-2010-0956
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Opencart Opencart 1.3.2
NA
CVE-2009-1621
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote malicious users to read arbitrary files via a .. (dot dot) in the route parameter.
Opencart Opencart 1.1.8
1 EDB exploit
NA
CVE-2009-1027
SQL injection vulnerability in OpenCart 1.1.8 allows remote malicious users to execute arbitrary SQL commands via the order parameter.
Opencart Opencart 1.1.8
NA
CVE-2008-3130
Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained so...
Simple Machines Opencart 0.7.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3