| عنوان | TMD TMD Custom Header Menu OpenCart module 4.0.0.1 SQL Injection |
|---|
| الوصف | The TMD Custom Header Menu OpenCart module has a SQL Injection (SQLi) vulnerability.
This allows an authenticated attacker to access any and all content stored in the database.
Via the SQLi vulnerability it's possible to compromise the site by exfiltrating admin session details / credentials.
Any Personally Identifiable Information (PII) and/or payment details stored in the site's database would also be vulnerable to exfiltration.
This vulnerability is mitigated by the fact that in order to exploit it, an attacker must have access to the admin User Interface of the site (or a valid session cookie and user_token). |
|---|
| المصدر | ⚠️ https://gist.github.com/mcdruid/ff4f29f4e7830e9e91988c7195d77039 |
|---|
| المستخدم | mcdruid (UID 79710) |
|---|
| ارسال | 03/01/2025 02:22 PM (1 سنة منذ) |
|---|
| الاعتدال | 03/01/2025 05:38 PM (3 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 290159 [TMD Custom Header Menu 4.0.0.1 على OpenCart /admin/index.php headermenu_id حقن SQL] |
|---|
| النقاط | 20 |
|---|