logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-21514

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-21514

Description:
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.
Last updated date:
06/24/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/24/2024
Reference url to background

https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy