| Title | CoinRemitter CoinRemitter Plugin For Opencart 0.0.2 / version 4.0 SQL Injection |
|---|---|
| Description | The CoinRemitter Plugin For Opencart has multiple SQL Injection (SQLi) vulnerabilities. The most serious of these allows an unauthenticated attacker to access any and all content stored in the database. It's also possible to retrieve the API credentials for a coinremitter wallet, including the unencrypted password, due to the fact that encryption details are hard-coded and publicly available. This could potentially result in theft from the wallet. Via the SQLi vulnerability it's possible to compromise the site by exfiltrating admin session details / credentials. Any Personally Identifiable Information (PII) and/or payment details stored in the site's database would also be vulnerable to exfiltration. |
| Source | https://gist.github.com/mcdruid/d4bdd8ffb8988bce9408c6bac40a15c5 |
| User | mcdruid (UID 79710) |
| Submission | 01/31/2025 10:09 AM (1 Year ago) |
| Moderation | 02/07/2025 05:39 PM (7 days later) |
| Status | Accepted |
| VulDB entry | 295023 [CoinRemitter 0.0.1/0.0.2 on OpenCart coin sql injection] |
| Points | 20 |