N/A

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

OpenCart 安全漏洞

OpenCart是中国香港OpenCart团队的一套开源的电子商务系统。该系统提供产品评论、产品评分、产品添加等模块。 OpenCart 存在安全漏洞，该漏洞源于存在SQL注入问题，未经身份验证的用户可以利用SQL注入来获得对后端数据库的未经授权的访问。

N/A

N/A