CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 SQL Injection

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the option=com_jcart&route=product/product parameters and malicious product_id values to extract sensitive database information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Soft-Php · jCart for OpenCart

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/41642unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://soft-php.com https://www.exploit-db.com/exploits/41642 https://www.vulncheck.com/advisories/joomla-component-jcart-for-opencart-sql-injection