SQL injection vulnerability in OpenCart 1.1.8 allows remote malicious users to execute arbitrary SQL commands via the order parameter.
opencart opencart 1.1.8