Vulnerabilities > Opencart > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart 4.0.0.0 | An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data into config.php and admin/config.php, resulting in remote code execution on the underlying server. | network | low | opencart CWE-94 | 8.8 |
| 2023-09-27 | CVE-2023-2315 | Path Traversal vulnerability in Opencart 4.0.0.0 | Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. | network | low | opencart CWE-22 | 8.8 |
| 2023-06-20 | CVE-2020-20491 | SQL Injection vulnerability in Opencart | SQL injection vulnerability in OpenCart v.2.2.00 through 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | network | low | opencart CWE-89 | 7.2 |
| 2018-03-20 | CVE-2014-3990 | Server-Side Request Forgery (SSRF) vulnerability in Opencart | The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | network | low | opencart CWE-918 | 7.5 |
| 2010-03-10 | CVE-2010-0956 | SQL Injection vulnerability in Opencart 1.3.2 | SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | network | low | opencart CWE-89 | 7.5 |
| 2009-03-20 | CVE-2009-1027 | SQL Injection vulnerability in Opencart 1.1.8 | SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. | network | low | opencart CWE-89 | 7.5 |