Description

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.

INFO

Published Date :

2024-06-22T05:00:04.158Z

Last Modified :

2024-08-01T22:20:41.029Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21514 vulnerability.

Vendors Products
Opencart
  • Opencart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21514.

URL Resource
https://github.com/opencart/opencart/blob/3.0.3.9/upload/catalog/model/extension/payment/divido.php%23L114 cve-icon cve-icon cve-icon
https://github.com/opencart/opencart/commit/46bd5f5a8056ff9aad0aa7d71729c4cf593d67e2 cve-icon cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact