OpenCart Core SQL Injection Vulnerability (CVE-2024-58341)
OpenCart Core 4.0.2.3 is vulnerable to SQL injection via the 'search' parameter, enabling unauthenticated attackers to manipulate database queries and extract sensitive information through boolean-based or time-based blind SQL injection.
OpenCart Core 4.0.2.3 is susceptible to a SQL injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands through the ‘search’ parameter. The vulnerability, identified as CVE-2024-58341, allows attackers to craft malicious GET requests to the product search endpoint, potentially leading to the extraction of sensitive database information. The attack relies on the injection of SQL code within the ‘search’ parameter, exploiting the lack of proper input…
Detection coverage 2
OpenCart SQL Injection Attempt via Search Parameter
high: Detects potential SQL injection attempts in the OpenCart 'search' parameter.
OpenCart SQL Injection - Time Based Blind SQLi
high: Detects potential time-based blind SQL injection attempts in the OpenCart 'search' parameter by looking for SLEEP function calls.
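A sketch of the two detections listed above, run over constructed access-log lines. This is an added example, not the platform's rules or OpenCart code; the regexes, the combined log format and the placeholder request path are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Heuristics assumed for this example; they are not the platform's rules.
SLEEP_RE = re.compile(r"\bsleep\s*\(", re.I)  # time-based probe
GENERIC_RE = re.compile("|".join([
    r"['\"]\s*\)*\s*(?:and|or)\b",     # quote closes the string, boolean operator follows
    r"\bunion\s+(?:all\s+)?select\b",  # UNION-based probing
    r"['\"]\s*(?:--|#|/\*)",           # quote, then a comment cutting off the query tail
]), re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # combined log format

def fully_decode(value, rounds=3):
    """Undo nested URL encoding so %2527-style double encoding is not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return 'time-based', 'generic' or None for one access log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # Only the 'search' parameter is inspected, whatever the request path is.
    for raw in parse_qs(query, keep_blank_values=True).get("search", []):
        value = fully_decode(raw)
        if SLEEP_RE.search(value):
            return "time-based"
        if GENERIC_RE.search(value):
            return "generic"
    return None

# Constructed sample lines; the path and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /PLACEHOLDER_SEARCH?search=red+shoes HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /PLACEHOLDER_SEARCH?search=a%27+AND+SLEEP%285%29--+- HTTP/1.1" 200 5101',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /PLACEHOLDER_SEARCH?search=a%2527%2520OR%25201%253D1 HTTP/1.1" 200 5101',
    '203.0.113.4 - - [01/Jan/2025:10:00:12 +0000] "GET /PLACEHOLDER_SEARCH?search=men%27s+shirts+and+ties HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "<-", line.split('"')[1])
```

The third line is double URL-encoded and the fourth is a benign search containing an apostrophe; decoding before matching catches the former, and requiring the boolean operator directly after the quote keeps the latter from alerting.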