Vulnerabilities > Opencart > Opencart > 3.0.3.2

DATE CVE VULNERABILITY TITLE RISK
2023-06-20 CVE-2020-20491 SQL Injection vulnerability in Opencart
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
network
low complexity
opencart CWE-89
7.2
7.2
2020-03-17 CVE-2020-10596 Cross-site Scripting vulnerability in Opencart 3.0.3.2
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
network
opencart CWE-79
3.5
3.5
2019-08-15 CVE-2019-15081 Cross-site Scripting vulnerability in Opencart
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
network
low complexity
opencart CWE-79
4.8
4.8