CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 days ago•26 views

CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection

8.8CVSS

EUVD•added 4 days ago•4 views

EUVD-2017-19009

8.8CVSS6AI score

CVE•added 4 days ago•8 views

CVE-2017-20282

CVE-2017-20282 concerns the Joomla! Component jCart for OpenCart 2.0, where an SQL injection vulnerability exists in the product_id parameter. The flaw lets unauthenticated attackers supply crafted values via GET requests to index.php with the query string option=com_jcart&route=product/product a...

8.8CVSS6AI score

CVE•added 2026/05/17 12:11 p.m.•15 views

CVE-2018-25336

Joomla jCart for OpenCart 2.3.0.2 has a cross-site request forgery (CSRF) vulnerability. The issue allows an attacker to modify user account information without authentication by crafting malicious HTML forms targeting endpoints, resulting in changes to user credentials, passwords, and affiliate ...

Vulnrichment•added 2026/05/17 12:11 p.m.•7 views

CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

CNNVD•added 2026/05/17 12:0 a.m.•7 views

Joomla jCart for OpenCart 跨站请求伪造漏洞

Joomla jCart for OpenCart is an open-source extension that integrates Joomla with OpenCart. It’s a e-commerce shopping cart extension. Version 2.3.0.2 of Joomla jCart for OpenCart contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery,...

CNNVD•added 2026/05/17 12:0 a.m.•8 views

Joomla JoomOCShop 跨站请求伪造漏洞

Joomla JoomOCShop is an open-source extension for Joomla that supports the integration of Joomla and OpenCart. Version 1.0 of Joomla JoomOCShop contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, which may allow attackers to perform...

5.3CVSS5.7AI score0.00164EPSS

Exploits0References1

Positive Technologies•added 2026/05/17 12:0 a.m.•6 views

PT-2026-41562

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account...

RedhatCVE•added 2026/05/11 8:25 p.m.•4 views

CVE-2021-47923

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized...

9.8CVSS5.9AI score0.00423EPSS

Exploits0References1

EUVD•added 2026/05/10 3:31 p.m.•12 views

EUVD-2021-34812

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...

5.3CVSS5.7AI score0.00126EPSS

EUVD•added 2026/05/10 3:31 p.m.•7 views

EUVD-2021-34806

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

6.9CVSS5.7AI score0.00151EPSS

EUVD•added 2026/05/10 3:31 p.m.•13 views

EUVD-2021-34790

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

8.8CVSS5.9AI score0.00276EPSS

EUVD•added 2026/05/10 3:31 p.m.•4 views

EUVD-2021-34785

9.8CVSS5.9AI score0.00423EPSS

Snyk•added 2026/05/10 2:20 p.m.•4 views

User Impersonation

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to User Impersonation via the OCSESSID cookie. An attacker can gain unauthorized access to user accounts by injecting arbitrary values into the session cookie, allowing session takeover...

9.8CVSS5.9AI score0.00423EPSS

Snyk•added 2026/05/10 2:19 p.m.•6 views

Cross-site Request Forgery (CSRF)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the /account/edit endpoint. An attacker can alter account details, such as email addresses, by tricking users into visiting malicious pages, and subsequentl...

8.3CVSS5.8AI score0.00151EPSS

Snyk•added 2026/05/10 2:17 p.m.•7 views

Cross-site Request Forgery (CSRF)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the account/password process. An attacker can change user passwords by sending crafted requests to the relevant endpoint, potentially hijacking accounts...

7.4CVSS5.8AI score0.00126EPSS

NVD•added 2026/05/10 1:16 p.m.•10 views

CVE-2021-47953

5.3CVSS0.00126EPSS

NVD•added 2026/05/10 1:16 p.m.•10 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

6.9CVSS0.00151EPSS