Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencart opencart vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-47444
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
Opencart Opencart
2 Github repositories
1 Article
8.8
CVSSv3
CVE-2023-2315
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
Opencart Opencart
9.8
CVSSv3
CVE-2023-40834
OpenCart CMS v4.0.2.2 exists to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated malicious users to gain access to the application via a brute force attack to the password parameter.
Opencart Opencart 4.0.2.2
7.2
CVSSv3
CVE-2020-20491
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote malicious user to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
Opencart Opencart
4.9
CVSSv3
CVE-2021-37823
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
Opencart Opencart 3.0.3.7
9.8
CVSSv3
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup exists to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe \\(popup \\+ Regular Module\\) Project Newsletter Subscribe \\(popup \\+ Regular Module\\) 4.0
6.5
CVSSv3
CVE-2013-1891
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
Opencart Opencart
1 EDB exploit
9.8
CVSSv3
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote malicious user to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deseri...
Skyoftech So Listing Tabs 2.2.0
4.8
CVSSv3
CVE-2020-29470
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an malicious user to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the a...
Opencart Opencart 3.0.3.6
4.8
CVSSv3
CVE-2020-29471
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.
Opencart Opencart 3.0.3.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »