CVE-2025-1747
- EPSS 0.24%
- Published 28.02.2025 14:15:35
- Last modified 07.05.2025 19:47:20
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login.
CVE-2025-1749
- EPSS 0.24%
- Published 28.02.2025 14:15:35
- Last modified 07.05.2025 19:49:23
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher.
CVE-2025-1746
- EPSS 0.22%
- Published 28.02.2025 14:15:34
- Last modified 07.05.2025 19:47:12
Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. T...
CVE-2025-0580
- EPSS 0.38%
- Published 20.01.2025 03:15:08
- Last modified 15.04.2026 00:35:42
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module...
CVE-2025-0579
- EPSS 0.38%
- Published 20.01.2025 03:15:08
- Last modified 15.04.2026 00:35:42
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Mo...
CVE-2025-0460
- EPSS 0.44%
- Published 14.01.2025 16:15:34
- Last modified 15.04.2026 00:35:42
A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestri...
CVE-2024-36694
- EPSS 0.89%
- Published 18.12.2024 20:15:22
- Last modified 22.04.2025 15:36:02
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.
CVE-2024-21519
- EPSS 0.72%
- Published 22.06.2024 05:15:11
- Last modified 21.11.2024 08:54:36
This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a b...
CVE-2024-21518
- EPSS 14.13%
- Published 22.06.2024 05:15:11
- Last modified 21.11.2024 08:54:36
This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem a...
CVE-2024-21517
- EPSS 0.39%
- Published 22.06.2024 05:15:11
- Last modified 29.04.2026 01:00:01
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this ...