OpenCart is vulnerable to SQL injection. The attacks exist because it does not sanitize the courier_id
parameter in the updateAmazonOrderTracking()
function in upload/admin/model/openbay/amazon.php
, allowing the attackers to inject malicious SQL queries through it.