CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20491
https://notcve.org/view.php?id=CVE-2020-20491
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. • https://github.com/opencart/opencart/issues/7612 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 3CVE-2013-1891 – OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2013-1891
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. En OpenCart versiones 1.4.7 a 1.5.5.1, el código anti-traversal implementado en el archivo filemanager.php es ineficaz y puede ser evitado • https://www.exploit-db.com/exploits/24877 http://www.waraxe.us/advisory-98.html https://seclists.org/fulldisclosure/2013/Mar/176 https://www.openwall.com/lists/oss-security/2013/03/24/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13067
https://notcve.org/view.php?id=CVE-2018-13067
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. /upload/catalog/controller/account/password.php en OpenCart hasta la versión 3.0.2.0 tiene Cross-Site Request Forgery (CSRF) mediante el URI index.php?route=account/password para cambiar la contraseña de un usuario. • https://whitehatck01.blogspot.com/2018/06/opencart-v3-0-3-0-user-changes-password.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11494
https://notcve.org/view.php?id=CVE-2018-11494
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. La característica "program extension upload" en OpenCart hasta la versión 3.0.2.0 tiene un proceso en seis pasos (subir, instalar, descomprimir, mover, xml, eliminar) que permite que los atacantes ejecuten código arbitrario si se omite el paso de eliminar. Esto se debe a que el atacante puede descubrir un nombre de directorio temporal secreto (que contiene 10 dígitos aleatorios) mediante un ataque de salto de directorio relacionado con language_info['code']. • http://www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11495
https://notcve.org/view.php?id=CVE-2018-11495
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. OpenCart hasta la versión 3.0.2.0 permite el salto de directorio en la función editDownload en admin\model\catalog\download.php mediante admin/index.php? • http://www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •