SQL Injection in OpenCart Affects Sensitive Database Information
CVE-2021-37823

4.9MEDIUM

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 3 November 2022

Summary

OpenCart version 3.0.3.7 is susceptible to SQL injection vulnerabilities that can be exploited by unauthorized users to access sensitive database information and read server files. This vulnerability arises from improper validation of user inputs is processed in the background, making it a significant concern for the security of web applications utilizing this platform.

References

https://medium.com/%40nowczj/sql-injection-exists-in-the-...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
Aug 2, 2021