Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencart opencart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-0956
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Opencart Opencart 1.3.2
9.8
CVSSv3
CVE-2023-40834
OpenCart CMS v4.0.2.2 exists to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated malicious users to gain access to the application via a brute force attack to the password parameter.
Opencart Opencart 4.0.2.2
NA
CVE-2010-1610
Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote malicious users to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user...
Opencart Opencart 1.4
6.1
CVSSv3
CVE-2018-1000640
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This atta...
Villagedefrance Opencart-overclocked
NA
CVE-2008-3130
Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained so...
Simple Machines Opencart 0.7.7
NA
CVE-2020-105961
OpenCart version 3.0.3.2 suffers from a persistent cross site scripting vulnerability.
9.8
CVSSv3
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote malicious user to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deseri...
Skyoftech So Listing Tabs 2.2.0
7.5
CVSSv3
CVE-2020-15478
The Journal theme prior to 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Journal-theme Journal
8.1
CVSSv3
CVE-2018-11231
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Divido Divido -
9.8
CVSSv3
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup exists to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe \\(popup \\+ Regular Module\\) Project Newsletter Subscribe \\(popup \\+ Regular Module\\) 4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3