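Vulnerability Details: CVE-2024-21514

Vulnerability Title
No description available from NVD
Source: NVD
OpenCart Security Vulnerability
Source: CNNVD
Vulnerability Description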
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.
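Source: NVD
OpenCart is an open-source e-commerce system from the OpenCart team in Hong Kong, China. The system provides modules such as product reviews, product ratings, and product addition. OpenCart has a security vulnerability that stems from an SQL injection issue: an unauthenticated user can exploit SQL injection to gain unauthorized access to the backend database.
Source: CNNVD
No description available from NVD
Source: 神龙机器人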
Vulnerability Score (CVSS)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
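Source: NVD
Vulnerability Category
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Source: NVD
Other
Source: CNNVD
Intelligence Information
Related Links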