NotCVE - vendor:"Opencart" product:"Opencart" version:"1.3.2"

Page 2 of 7 results (0.011 seconds)

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 4

CVE-2014-3990 – OpenCart 1.5.6.4 PHP Object Injection

https://notcve.org/view.php?id=CVE-2014-3990

The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. El método Cart::getProducts en system/library/cart.php en OpenCart, en versiones 1.5.6.4 y anteriores, permite que atacantes remotos lleven a cabo ataques de SSRF (Server-Side Request Forgery) o de XEE (XML External Entity), así como ejecutar código arbitrario mediante un objeto PHP serializado manipulado. Esto se relaciona con el parámetro quantity en una petición de actualización. OpenCart versions 1.5.6.4 and below suffer from a PHP objection injection vulnerability. • http://karmainsecurity.com/KIS-2014-08 http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html http://seclists.org/fulldisclosure/2014/Jul/67 http://www.securityfocus.com/archive/1/532763/100/0/threaded http://www.securityfocus.com/bid/68529 https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2010-0956

https://notcve.org/view.php?id=CVE-2010-0956

SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en index.php en OpenCart v1.3.2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page. • http://packetstormsecurity.org/1003-exploits/opencart-sql.txt http://www.securityfocus.com/bid/38605 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2