I found a SQLi vulnerability in the Dreamvention Live Ajax Search OpenCart module.
This allows an unauthenticated attacker to access any and all content stored in the database.
Via the SQLi vulnerability it's possible to compromise the site by exfiltrating admin session details / credentials.
Details: https://gist.github.com/mcdruid/d6a41cfebd9e10e63a8c698d3a8ad771
This was assigned CVE-2025-1116.

I found an Unrestricted File Upload in the BlogBotz OpenCart module.
This could allow an unauthenticated attacker to gain unauthorised access to the site / hosting infrastructure, for example via a PHP webshell or similar exploit.
Details: https://gist.github.com/mcdruid/28124198128022a1c2b4060f74d99cd6
This was assigned CVE-2025-0460.

I found two vulnerabilities in the ShipRocket OpenCart module.
One was an Access Bypass as a result of a logic error and type confusion in PHP.
This allows an unauthenticated attacker to access potentially sensitive information stored in the site's database.
Details: https://gist.github.com/mcdruid/0d1fdbba445587639ee5da66e7abfcc9
This was assigned CVE-2025-0580.
The other was SQLi - there were multiple vectors, but the most serious of these allows an unauthenticated attacker to access any and all content stored in the database.
Via the SQLi vulnerability it's possible to compromise the site by exfiltrating admin session details / credentials.
Details: https://gist.github.com/mcdruid/3c9fc9bd4e882cee21f8a37998f56fce
This was assigned CVE-2025-0579.

I found multiple SQLi vulnerabilities in the Coinremitter OpenCart module.
The most serious of these allows an unauthenticated attacker to access any and all content stored in the database.
This potentially exposed credentials for a cryptocurrency wallet, as well as allowing full compromise of the site.
Details: https://gist.github.com/mcdruid/d4bdd8ffb8988bce9408c6bac40a15c5
This was assigned CVE-2025-1117.

As part of my research into Gadget Chains and PHP Object Injection, I discovered an exploitable vulnerability in multiple OpenCart modules named aridius_XYZ.
It appears that current "official" releases of Aridius modules are not vulnerable. However, it also appears to be common for "unofficial" versions of the extensions to be used.
At the time of discovery, at least one such unofficial version was available for free download from the OpenCart marketplace - this release was vulnerable.
The vulnerability is exploitable remotely without authentication.
(POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution.
Details: https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb
This was assigned CVE-2025-0841.

As part of my research into Gadget Chains and PHP Object Injection, I discovered a vulnerability in the Lightning OpenCart module.
(POP/) Gadget Chains exist in OpenCart (3 and 4) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files or achieve Remote Code Execution.
The maintainer was very responsive to the report and addressed the issue quickly. Thanks!
Details: https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e
This was assigned CVE-2025-0974.