Tag

Opencart

3 briefs RSS

Opencart TMD Vendor System Blind SQL Injection Vulnerability (CVE-2021-47928)

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability (CVE-2021-47928) that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter, potentially leading to account takeover and data exfiltration.

TMD Vendor System 3.x sql-injection cve-2021-47928 opencart web-application

2r 2t 1c May 10, 2026

high advisory

OpenCart Session Fixation Vulnerability (CVE-2021-47923)

2 rules 1 TTP 1 CVE

OpenCart 3.0.3.8 is vulnerable to session fixation (CVE-2021-47923), allowing attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie, leading to unauthorized access.

OpenCart 3.0.3.8 opencart session-fixation CVE-2021-47923 webserver

2r 1t 1c May 10, 2026

high advisory

OpenCart Core SQL Injection Vulnerability (CVE-2024-58341)

2 rules 1 TTP

OpenCart Core 4.0.2.3 is vulnerable to SQL injection via the 'search' parameter, enabling unauthenticated attackers to manipulate database queries and extract sensitive information through boolean-based or time-based blind SQL injection.

cve-2024-58341 sql-injection opencart

2r 1t Mar 25, 2026