
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through …

Published:

24 March 2026 at 23:00:00

Alert date:

25 March 2026 at 19:06:05

Source:

nvd.nist.gov


Web Technologies, Database & Storage

OpenCart Core version 4.0.2.3 contains a SQL injection vulnerability in the search parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit this vulnerability by sending GET requests to the product search endpoint with malicious search values. The vulnerability enables extraction of sensitive database information through boolean-based blind or time-based blind SQL injection techniques. This is a high-severity vulnerability as it requires no authentication and can lead to complete database compromise. The vulnerability affects the core OpenCart e-commerce platform used by many online retailers.
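For detection, the sketch below scans web access logs for GET requests to the product search endpoint whose search value carries time-based or boolean-based blind SQL injection markers. It is an added example, not code from the advisory or from OpenCart; the `route=product/search` and `search` parameter names, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Assumptions: search is served at route=product/search with the term in
# "search", and the web server writes combined-format access logs.
SEARCH_ROUTE, SEARCH_PARAM = "product/search", "search"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Delay functions point to time-based probing; a quote followed by AND/OR
# and a comparison points to boolean-based probing.
TIME_BASED = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)
BOOLEAN_BASED = re.compile(r"['\")]\s*(and|or)\b.+?(=|<|>|\blike\b)", re.I)

def classify(line):
    """Return 'time-based', 'boolean-based' or None for one log line."""
    m = REQUEST.search(line)
    if not m or m.group("method") != "GET":
        return None
    query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    if SEARCH_ROUTE not in query.get("route", []):
        return None
    for value in query.get(SEARCH_PARAM, []):
        value = unquote_plus(value)  # second decode catches double encoding
        if TIME_BASED.search(value):
            return "time-based"
        if BOOLEAN_BASED.search(value):
            return "boolean-based"
    return None

def scan(lines):
    """Map each client IP to the set of probe types seen from it."""
    hits = {}
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.setdefault(line.split()[0], set()).add(verdict)
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [25/Mar/2026:10:00:01 +0000] "GET /index.php?route=product/search&search=usb+cable HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2026:10:00:05 +0000] "GET /index.php?route=product/search&search=x%27+AND+SLEEP(5)--+- HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2026:10:00:11 +0000] "GET /index.php?route=product/search&search=x%2527%2520OR%25201%253D1 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [25/Mar/2026:10:00:12 +0000] "GET /index.php?route=product/category&path=20 HTTP/1.1" 200 7300',
]

if __name__ == "__main__":
    for ip, kinds in scan(SAMPLE_LOG).items():
        print(ip, sorted(kinds))
```

Pattern matching of this kind can flag legitimate searches that contain quotes and comparison words, so treat hits as leads to correlate with response times and request volume per client.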

Technical details

Mitigation steps:

Affected products:

OpenCart Core

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
