EPSS
Percentile
32.8%
OpenCart is vulnerable to information disclosure. The vulnerability exists in multiple functions of backup.php, allowing an attacker to obtain database information or read server files by injecting and executing malicious SQL queries.
backup.php
github.com/advisories/GHSA-236j-rfx5-wq38
github.com/opencart/opencart/blob/4.0.1.1/upload/admin/controller/tool/backup.php#L257
medium.com/%40nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e
medium.com/@nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e