26 matches found

ATTACKERKB
added last week · 7 views

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVSS 8.8 · AI score 6 · EPSS 0.00267
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2026/05/17 1:16 p.m. · 8 views

CVE-2018-25336

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

CVSS 6.9 · EPSS 0.00191
Exploits: 0 · References: 4

Cvelist
added 2026/05/17 12:11 p.m. · 37 views

CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

CVSS 6.9 · EPSS 0.00191
Exploits: 0 · References: 4

EUVD
added 2026/05/17 12:11 p.m. · 12 views

EUVD-2018-21855

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account...

CVSS 6.9 · AI score 5.7 · EPSS 0.00191
Exploits: 0 · References: 4

ATTACKERKB
added 2026/05/17 12:11 p.m. · 5 views

CVE-2018-25336

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

CVSS 6.9 · AI score 5.7 · EPSS 0.00191
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2026/05/11 8:26 p.m. · 10 views

CVE-2021-47953

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...

CVSS 5.3 · AI score 5.7 · EPSS 0.00126
Exploits: 0 · References: 1

ATTACKERKB
added 2026/05/10 12:44 p.m. · 9 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

CVSS 6.9 · AI score 5.7 · EPSS 0.00151
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2026/05/10 12:44 p.m. · 31 views

CVE-2021-47946 OpenCart 3.0.3.6 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

CVSS 6.9 · EPSS 0.00151
Exploits: 0 · References: 4

CVE
added 2026/03/25 4:04 p.m. · 13 views

CVE-2024-58341

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability in the product search endpoint, exploitable by unauthenticated attackers via the query parameter 'search'. Attackers can submit crafted GET requests to perform boolean-based blind or time-based blind SQL injection to extract sensitive d...

CVSS 8.8 · AI score 6 · EPSS 0.00338
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2025/12/28 3:15 a.m. · 4 views

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in a race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS 4.8 · AI score 4.2
Exploits: 0 · References: 5

Snyk
added 2025/07/25 5:41 p.m. · 11 views

Cross-site Scripting (XSS)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog editor process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious scripts into blog content...

CVSS 6.1 · AI score 5.4 · EPSS 0.00229
Exploits: 1 · References: 2

CNNVD
added 2025/07/25 12:00 a.m. · 7 views

OpenCart Security Vulnerability

OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.1.0.4, which stems from improper blog editor input cleanup and could lead to...

CVSS 6.1 · AI score 6 · EPSS 0.00229
Exploits: 1 · References: 3

CNNVD
added 2025/07/25 12:00 a.m. · 5 views

OpenCart Security Vulnerability

OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.1.0.4, which stems from an unvalidated SVG file that could lead to stored...

CVSS 6.1 · AI score 6 · EPSS 0.00229
Exploits: 1 · References: 2

Snyk
added 2025/02/28 2:43 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the modification of the parameter name in /account/login. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Details...

CVSS 5.1 · AI score 5.3 · EPSS 0.00237
Exploits: 0 · References: 2

Snyk
added 2025/02/28 2:42 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the modification of the parameter name in /account/register. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Detail...

CVSS 5.1 · AI score 5.3 · EPSS 0.00237
Exploits: 0 · References: 2

CNNVD
added 2025/02/28 12:00 a.m. · 2 views

OpenCart Cross-Site Scripting Vulnerability

OpenCart is an open source e-commerce system by the Chinese OpenCart team. The system provides modules for product reviews, product ratings, and product additions. A cross-site scripting vulnerability exists in OpenCart versions prior to 4.1.0. An attacker can exploit this vulnerability to modify...

CVSS 4.7 · AI score 5.7 · EPSS 0.00237
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/29 12:00 a.m. · 3 views

PT-2025-4067 · Opencart +1

Name of the Vulnerable Software and Affected Versions: Aridius XYZ up to 20240927 on OpenCart. Description: The issue affects the loadMore function of the News component, leading to deserialization. It can be initiated remotely. Recommendations: Aridius XYZ up to 20240927 on OpenCart: Upgrade the...

CVSS 7.5 · AI score 7.2 · EPSS 0.00463
Exploits: 0 · References: 8

CNNVD
added 2025/01/20 12:00 a.m. · 3 views

Shiprocket Module 3 on OpenCart Security Vulnerability

Shiprocket Module 3 on OpenCart is a shipping module from Shiprocket. A security vulnerability exists in Shiprocket Module 3 on OpenCart v3, which stems from the parameter contentHash in the file /index.php?route=extension/module/restapi&action=getOrders that can lead to authorization errors...

CVSS 6.3 · AI score 5.7 · EPSS 0.00375
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/19 12:00 a.m. · 8 views

PT-2025-3970 · Opencart +1

Name of the Vulnerable Software and Affected Versions: Shiprocket Module 3/4 on OpenCart (affected versions not specified). Description: A critical issue has been found in the Shiprocket Module 3/4 on OpenCart, affecting an unknown functionality of the file...

CVSS 7.5 · AI score 7.8 · EPSS 0.00378
Exploits: 0 · References: 12

Snyk
added 2024/06/21 9:50 a.m. · 5 views

SQL Injection

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to SQL Injection. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the...

CVSS 8.3 · AI score 8.3 · EPSS 0.1908
Exploits: 2 · References: 2