| 제목 | ShipRocket OpenCart module v3 and v4 SQL Injection |
|---|
| 설명 | The ShipRocket OpenCart Rest API module has multiple SQL Injection (SQLi) vulnerabilities.
The most serious of these allows an unauthenticated attacker to access any and all content stored in the database.
Via the SQLi vulnerability it's possible to compromise the site by exfiltrating admin session details / credentials.
Any Personally Identifiable Information (PII) and/or payment details stored in the site's database would also be vulnerable to exfiltration. |
|---|
| 원천 | ⚠️ https://gist.github.com/mcdruid/3c9fc9bd4e882cee21f8a37998f56fce |
|---|
| 사용자 | mcdruid (UID 79710) |
|---|
| 제출 | 2025. 01. 07. PM 11:46 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 19. PM 08:54 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 292597 [Shiprocket Module 3/4 켜짐 OpenCart REST API restapi x-username SQL 주입] |
|---|
| 포인트들 | 20 |
|---|