VYPR

Opencart

by Opencart

CVEs (39)

  • CVE-2025-1748 - Feb 28, 2025
    risk 0.00 | cvss | epss 0.00

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register.

  • CVE-2025-1747 - Feb 28, 2025
    risk 0.00 | cvss | epss 0.00

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login.

  • CVE-2025-1746 - Feb 28, 2025
    risk 0.00 | cvss | epss 0.00

    Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be…

  • CVE-2024-36694 - Dec 18, 2024
    risk 0.00 | cvss | epss 0.01

    OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.

  • CVE-2024-21519 - Jun 22, 2024
    risk 0.00 | cvss | epss 0.01

    This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary…

  • CVE-2024-21518 - Jun 22, 2024
    risk 0.00 | cvss | epss 0.14

    This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary…

  • CVE-2023-47444 - Nov 15, 2023
    risk 0.00 | cvss | epss 0.02

    An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

  • CVE-2023-2315 - Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server.

  • CVE-2023-40834 - Sep 12, 2023
    risk 0.00 | cvss | epss 0.01

    OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.

  • CVE-2020-20491 - Jun 20, 2023
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

  • CVE-2021-37823 - Nov 3, 2022
    risk 0.00 | cvss | epss 0.01

    OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.

  • CVE-2022-41403 - Oct 12, 2022
    risk 0.00 | cvss | epss 0.01

    OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.

  • CVE-2022-34972 - Jul 5, 2022
    risk 0.00 | cvss | epss 0.01

    So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.

  • CVE-2013-1891 - Jun 24, 2022
    risk 0.00 | cvss | epss 0.06

    In OpenCart 1.4.7 to 1.5.5.1, the anti-traversal code implemented in filemanager.php is ineffective and can be bypassed.

  • CVE-2011-3763 - Sep 24, 2011
    risk 0.00 | cvss | epss 0.02

    OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.

  • CVE-2010-1610 - Apr 29, 2010
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to…

  • CVE-2010-0956 - Mar 10, 2010
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

  • CVE-2009-1027 - Mar 20, 2009
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.

  • CVE-2008-3130 - Jul 10, 2008
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained solely…

Page 2 of 2