CVE-2020-20491
https://notcve.org/view.php?id=CVE-2020-20491
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. • https://github.com/opencart/opencart/issues/7612 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-1891 – OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2013-1891
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. En OpenCart versiones 1.4.7 a 1.5.5.1, el código anti-traversal implementado en el archivo filemanager.php es ineficaz y puede ser evitado • https://www.exploit-db.com/exploits/24877 http://www.waraxe.us/advisory-98.html https://seclists.org/fulldisclosure/2013/Mar/176 https://www.openwall.com/lists/oss-security/2013/03/24/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-15081 – Opencart 3.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15081
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. OpenCart versiones 3.x, cuando el atacante tiene acceso de inicio de sesión hacia el panel de administración, permite un ataque de tipo XSS almacenado dentro de la funcionalidad de edición de Source/HTML de las páginas Categories, Product, e Information. • https://www.exploit-db.com/exploits/47331 http://packetstormsecurity.com/files/154286/Opencart-3.x-Cross-Site-Scripting.html https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS/blob/master/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-13067
https://notcve.org/view.php?id=CVE-2018-13067
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. /upload/catalog/controller/account/password.php en OpenCart hasta la versión 3.0.2.0 tiene Cross-Site Request Forgery (CSRF) mediante el URI index.php?route=account/password para cambiar la contraseña de un usuario. • https://whitehatck01.blogspot.com/2018/06/opencart-v3-0-3-0-user-changes-password.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-11494
https://notcve.org/view.php?id=CVE-2018-11494
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. La característica "program extension upload" en OpenCart hasta la versión 3.0.2.0 tiene un proceso en seis pasos (subir, instalar, descomprimir, mover, xml, eliminar) que permite que los atacantes ejecuten código arbitrario si se omite el paso de eliminar. Esto se debe a que el atacante puede descubrir un nombre de directorio temporal secreto (que contiene 10 dígitos aleatorios) mediante un ataque de salto de directorio relacionado con language_info['code']. • http://www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •