Vulnerabilities > Opencart
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-22 | CVE-2024-21514 | SQL Injection vulnerability in Opencart 3.0.3.9 This affects versions of the package opencart/opencart from 0.0.0. | 8.1 |
| 2024-06-22 | CVE-2024-21515 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21516 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21517 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 6.1 |
| 2024-06-22 | CVE-2024-21518 | Path Traversal vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
| 2024-06-22 | CVE-2024-21519 | Unspecified vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
| 2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 8.8 |
| 2023-09-27 | CVE-2023-2315 | Path Traversal vulnerability in Opencart Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server | 8.8 |
| 2023-09-12 | CVE-2023-40834 | Improper Restriction of Excessive Authentication Attempts vulnerability in Opencart 4.0.2.2 OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter. | 9.8 |
| 2023-06-20 | CVE-2020-20491 | SQL Injection vulnerability in Opencart SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | 7.2 |