9 matches found
OpenCart-Overclocked Cross-Site Scripting Vulnerability
OpenCart-Overclocked is an open source shopping cart application. A cross-site scripting vulnerability exists in upload/admin/view/template/extension/openbay.tplL95 in OpenCart-Overclocked 1.11.1 and earlier versions, which stems from the program not filtering user input. A remote attacker could...
SQL Injection
OpenCart is vulnerable to SQL injection. The vulnerability exists because it does not sanitize the courier_id parameter in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php, allowing attackers to inject malicious SQL queries through it...
OpenCart 'updateAmazonOrderTracking' Function SQL Injection Vulnerability
OpenCart is an open source e-commerce system from OpenCart China. The system provides product reviews, product ratings, product additions and other modules. An SQL injection vulnerability exists in the 'updateAmazonOrderTracking' function in the upload/admin/model/openbay/amazon.php file in...
CVE-2016-10509
SQL injection in OpenCart via OpenBay's updateAmazonOrderTracking (upload/admin/model/openbay/amazon.php) before OpenCart 2.3.0.0. The vulnerability allows remote authenticated administrators to inject arbitrary SQL through the courier_id parameter to openbay.php. Affected software: OpenCart with...
OpenCart <= 1.5.6.1 - (openbay) Multiple SQL Injection
No description provided by source. Exploit Title : OpenCart <= 1.5.6.1 SQL Injection Date : 2014/3/26 Exploit Author : Saadat Ullah Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com...
OpenCart 1.5.6.1 - openbay Multiple SQL Injections
OpenCart 1.5.6.1 - openbay Multiple SQL Injections Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this->db->query("SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"); .............. Function is called on man...
OpenCart 1.5.6.1 SQL Injection Vulnerability
OpenCart versions 1.5.6.1 and below suffer from a remote SQL injection vulnerability. Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this->db->query("SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1");...
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this->db->query("SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"); .............. Function is called on many locations and parameter is passed without sanitize...
OpenCart 1.5.6.1 SQL Injection
Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this->db->query("SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"); .............. Function is called on many locations and parameter is passed without sanitize...