SQL Injection

2017-09-0406:00:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

44.1%

JSON

OpenCart is vulnerable to SQL injection. The attacks exist because it does not sanitize the courier_id parameter in the updateAmazonOrderTracking() function in upload/admin/model/openbay/amazon.php, allowing the attackers to inject malicious SQL queries through it.