BDSA-2021-4783 |
|
Medium |
Feb 03, 2023 |
OpenCart is vulnerable to SQL injection (SQLi). This allows a remote attacker to extract, modify, and delete information from the database associated with the application.
|
|
BDSA-2021-3609 |
|
High |
Dec 01, 2021 |
OpenCart is vulnerable to a session fixation issue due to how the `OCSESSID` cookie is not sufficiently validated and can be manipulated by users.
An attacker could trick a victim user into using a crafted `OCSESSID` cookie in order to hijack the victim user's session or perform other session related attacks.
|
|
BDSA-2020-3713 |
|
Medium |
Dec 10, 2020 |
OpenCart contains a cross-site request forgery (CSRF) vulnerability. An attacker could exploit this vulnerability in order to make changes to a victim's account.
|
|
BDSA-2018-2620 |
|
Critical |
Aug 07, 2018 |
OpenCart is vulnerable to remote code execution (RCE), as an attacker can upload a malicious `.php` script to the server, and have it executed by accessing the page afterwards.
|
|
BDSA-2018-2613 |
|
Medium |
Aug 01, 2018 |
OpenCart is vulnerable to directory traversal, meaning that an attacker could expose confidential data for downloading, by sending a crafted link to an administrator.
|
|
BDSA-2013-0090 |
|
Low |
Jun 27, 2022 |
OpenCart contains a directory traversal vulnerability due to the insufficient sanitization of user-supplied input. An attacker with administrator privileges and the ability to access the `FileManager.php` endpoint could exploit this issue by using crafted character sequences that will bypass OpenCart's path validation functionality. This would potentially result in the loss of sensitive information.
|
|