Lucene search

[email protected]NVD:CVE-2021-37823

HistoryNov 03, 2022 - 5:15 p.m.

CVE-2021-37823

2022-11-0317:15:17

CWE-89

[email protected]

web.nvd.nist.gov

opencart

sql injection

vulnerability

database

server files

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

32.8%

JSON

OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.

Affected configurations

Nvd

Node

opencartopencartMatch3.0.3.7

VendorProductVersionCPE
opencartopencart3.0.3.7cpe:2.3:a:opencart:opencart:3.0.3.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opencart	opencart	3.0.3.7	cpe:2.3:a:opencart:opencart:3.0.3.7:::::::*

References

medium.com/%40nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

32.8%

JSON

Related for NVD:CVE-2021-37823

osv2 prion1 cvelist1 cve1 veracode1 github1