Vulnerabilities > Opencart > Opencart
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart 4.0.0.0 An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 8.8 |
| 2023-09-27 | CVE-2023-2315 | Path Traversal vulnerability in Opencart 4.0.0.0 Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server | 8.8 |
| 2023-09-12 | CVE-2023-40834 | Improper Restriction of Excessive Authentication Attempts vulnerability in Opencart 4.0.2.2 OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter. | 9.8 |
| 2023-06-20 | CVE-2020-20491 | SQL Injection vulnerability in Opencart SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | 7.2 |
| 2022-11-03 | CVE-2021-37823 | SQL Injection vulnerability in Opencart 3.0.3.7 OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. | 4.9 |
| 2022-06-24 | CVE-2013-1891 | Path Traversal vulnerability in Opencart 1.5.5.1 In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. | 5.5 |
| 2020-12-29 | CVE-2020-29471 | Cross-site Scripting vulnerability in Opencart 3.0.3.6 OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. | 3.5 |
| 2020-12-29 | CVE-2020-29470 | Cross-site Scripting vulnerability in Opencart 3.0.3.6 OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. | 3.5 |
| 2020-12-11 | CVE-2020-28838 | Cross-Site Request Forgery (CSRF) vulnerability in Opencart 3.0.3.6 Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. | 3.5 |
| 2020-06-09 | CVE-2020-13980 | Cross-site Scripting vulnerability in Opencart 3.0.3.3 OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. | 4.8 |