Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencart opencart vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-2315
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
Opencart Opencart
9.8
CVSSv3
CVE-2014-3990
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and previous versions allows remote malicious users to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted ser...
Opencart Opencart
8.8
CVSSv3
CVE-2018-13067
/upload/catalog/controller/account/password.php in OpenCart up to and including 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
Opencart Opencart
4.9
CVSSv3
CVE-2018-11495
OpenCart up to and including 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
Opencart Opencart
6.1
CVSSv3
CVE-2015-4671
Cross-site scripting (XSS) vulnerability in OpenCart prior to 2.1.0.2 allows remote malicious users to inject arbitrary web script or HTML via the zone_id parameter to index.php.
Opencart Opencart
8
CVSSv3
CVE-2018-11494
The "program extension upload" feature in OpenCart up to and including 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows malicious users to execute arbitrary code if the remove step is skipped, because the attacker can discover a sec...
Opencart Opencart
8.8
CVSSv3
CVE-2023-47444
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Opencart Opencart
2 Github repositories
1 Article
7.2
CVSSv3
CVE-2016-10509
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
Opencart Opencart
4.8
CVSSv3
CVE-2019-15081
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
Opencart Opencart
1 EDB exploit
1 Github repository
6.5
CVSSv3
CVE-2013-1891
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
Opencart Opencart
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »