sqli

I found multiple SQLi vulnerabilities in the Coinremitter OpenCart module.

The most serious of these allows an unauthenticated attacker to access any and all content stored in the database.

This potentially exposed credentials for a crypto currency wallet, as well as allowing full compromise of the site.

Details: https://gist.github.com/mcdruid/d4bdd8ffb8988bce9408c6bac40a15c5

This was assigned CVE-2025-1117

I found two vulnerabilities in the ShipRocket OpenCart module

One was an Access Bypass as a result of a logic error and type confusion in PHP.

This allows an unauthenticated attacker to access potentially sensitive information stored in the site's database.

Details: https://gist.github.com/mcdruid/0d1fdbba445587639ee5da66e7abfcc9

This was assigned CVE-2025-0580.

I found a SQLi vulnerability in the Dreamvention Live Ajax Search OpenCart module.

This allows an unauthenticated attacker to access any and all content stored in the database.

Via the SQLi vulnerability it's possible to compromise the site by exfiltrating admin session details / credentials.

Details: https://gist.github.com/mcdruid/d6a41cfebd9e10e63a8c698d3a8ad771

This was assigned CVE-2025-1116

I found a SQLi vulnerability in the TMD Custom Header Menu OpenCart module.

The CVSS score for this is lower than some of the other SQLi vulnerabilities I found in OpenCart modules, because the vulnerable code is only accessible by authenticated (admin) users.

The maintainers acknowledged the report and fixed this quickly.

Details: https://gist.github.com/mcdruid/ff4f29f4e7830e9e91988c7195d77039

This was assigned CVE-2025-0214