Vulnerabilities > Opencart > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-22 CVE-2024-21514 SQL Injection vulnerability in Opencart 3.0.3.9
This affects versions of the package opencart/opencart from 0.0.0.
network
high complexity
opencart CWE-89
8.1
2024-06-22 CVE-2024-21518 Path Traversal vulnerability in Opencart
This affects versions of the package opencart/opencart from 4.0.0.0.
network
low complexity
opencart CWE-22
7.2
2024-06-22 CVE-2024-21519 Unspecified vulnerability in Opencart 4.0.0.0/4.0.2.2
This affects versions of the package opencart/opencart from 4.0.0.0.
network
low complexity
opencart
7.2
2023-11-15 CVE-2023-47444 Code Injection vulnerability in Opencart 4.0.0.0
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
network
low complexity
opencart CWE-94
8.8
2023-09-27 CVE-2023-2315 Path Traversal vulnerability in Opencart 4.0.0.0
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
network
low complexity
opencart CWE-22
8.8
2023-06-20 CVE-2020-20491 SQL Injection vulnerability in Opencart
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
network
low complexity
opencart CWE-89
7.2
2018-03-20 CVE-2014-3990 Server-Side Request Forgery (SSRF) vulnerability in Opencart
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.
network
low complexity
opencart CWE-918
7.5
2010-03-10 CVE-2010-0956 SQL Injection vulnerability in Opencart 1.3.2
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
network
low complexity
opencart CWE-89
7.5
2009-03-20 CVE-2009-1027 SQL Injection vulnerability in Opencart 1.1.8
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
network
low complexity
opencart CWE-89
7.5