CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 5CVE-2014-3990 – OpenCart 1.5.6.4 PHP Object Injection
https://notcve.org/view.php?id=CVE-2014-3990
14 Jul 2014 — The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. El método Cart::getProducts en system/library/cart.php en OpenCart, en versiones 1.5.6.4 y anteriores, permite que atacantes remotos lleven a cabo ataques de SSRF (Server-S... • https://packetstorm.news/files/id/127460 • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 1CVE-2011-3763
https://notcve.org/view.php?id=CVE-2011-3763
24 Sep 2011 — OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files. OpenCart v1.4.9.3 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con system/startup.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1610
https://notcve.org/view.php?id=CVE-2010-1610
29 Apr 2010 — Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en index.php en OpenCart v1.4 permite a atacantes remotos secuestrar la autenticación d... • http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2010-0956
https://notcve.org/view.php?id=CVE-2010-0956
09 Mar 2010 — SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en index.php en OpenCart v1.3.2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page. • http://packetstormsecurity.org/1003-exploits/opencart-sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2009-1621 – Opencart 1.1.8 - 'route' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-1621
12 May 2009 — Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter. Vulnerabilidad de salto de directorio en index.php en OpenCart v1.1.8 permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el parámetro route. • https://www.exploit-db.com/exploits/8539 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1027
https://notcve.org/view.php?id=CVE-2009-1027
20 Mar 2009 — SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. Vulnerabilidad de inyección SQL en OpenCart v1.1.8 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "order". • http://secunia.com/advisories/34313 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3130
https://notcve.org/view.php?id=CVE-2008-3130
10 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en index.php de OpenCart 0.7.7, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de los paráme... • http://secunia.com/advisories/30177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •