Opencart

Opencart

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2024-21516

Exploit
  • EPSS 0.37%
  • Veröffentlicht 22.06.2024 05:15:10
  • Zuletzt bearbeitet 29.04.2026 01:00:01

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the us...

4.7

CVE-2024-21515

Exploit
  • EPSS 0.37%
  • Veröffentlicht 22.06.2024 05:15:10
  • Zuletzt bearbeitet 29.04.2026 01:00:01

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously cr...

8.1

CVE-2024-21514

Exploit
  • EPSS 19.08%
  • Veröffentlicht 22.06.2024 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:54:35

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divid...

8.8

CVE-2023-47444

Exploit
  • EPSS 1.78%
  • Veröffentlicht 15.11.2023 22:15:27
  • Zuletzt bearbeitet 21.11.2024 08:30:17

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlyi...

8.8

CVE-2023-2315

Exploit
  • EPSS 0.85%
  • Veröffentlicht 27.09.2023 15:18:50
  • Zuletzt bearbeitet 21.11.2024 07:58:22

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server

9.8

CVE-2023-40834

Exploit
  • EPSS 1.09%
  • Veröffentlicht 12.09.2023 14:15:58
  • Zuletzt bearbeitet 21.11.2024 08:20:11

OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.

7.2

CVE-2020-20491

Exploit
  • EPSS 1.13%
  • Veröffentlicht 20.06.2023 15:15:10
  • Zuletzt bearbeitet 10.12.2024 20:15:07

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

4.9

CVE-2021-37823

Exploit
  • EPSS 0.73%
  • Veröffentlicht 03.11.2022 17:15:17
  • Zuletzt bearbeitet 05.05.2025 14:15:21

OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.

6.5

CVE-2013-1891

Exploit
  • EPSS 6.12%
  • Veröffentlicht 24.06.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 01:50:35

In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.

4.8

CVE-2020-29471

Exploit
  • EPSS 1.26%
  • Veröffentlicht 29.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:24:03

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.