Description

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

Remediation

References

CVE-2020-20491

Related Vulnerabilities

MySQL CVE-2024-21231 Vulnerability (CVE-2024-21231)

WordPress Plugin Loco Translate PHP Code Injection (2.5.3)

WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0)

Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0067)

Severity

High

Classification

CVE-2020-20491 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities