OpenCart SQL Injection Vulnerability in Core Version 4.0.2.3

Vulnerability

A SQL injection vulnerability has been identified in OpenCart Core version 4.0.2.3. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter in the product search endpoint. Exploitation of this vulnerability could lead to unauthorized access to sensitive database information. The vulnerability can be exploited using boolean-based blind or time-based blind SQL injection techniques.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to access, modify, or delete database information. In some cases, it could lead to executing arbitrary commands on the server.

Reproduction

To reproduce this vulnerability, send a GET request to 'index.php' with the 'route' parameter set to 'product/search' and the 'search' parameter containing the injected SQL payload. This can be done using a tool like SQLMap, targeting the 'search' parameter for exploitation.

Remediation

Users are advised to update to the latest version of OpenCart where this vulnerability has been addressed.
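
The following is an added example, not part of the original advisory or of OpenCart's code: it scans web access log lines for requests matching the shape described under Reproduction ('route' set to 'product/search') whose 'search' parameter carries markers of boolean-based or time-based blind SQL injection. The combined log format, the marker patterns, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address and request URL from a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')

# Heuristic markers (assumed, not exhaustive) for the two techniques the advisory names.
TIME_BASED = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)
BOOLEAN_BASED = re.compile(r"['\")]\s*(?:and|or)\s+\S+\s*(?:=|<|>|\blike\b)", re.I)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?route=product/search&search=phone HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?route=product/search&search=x%27%20AND%201%3D1--%20 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?route=product/search&search=x%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?route=product/category&search=sleep( HTTP/1.1" 200 900',
]

def classify(search):
    """Return the blind-SQLi techniques whose markers appear in a decoded search value."""
    hits = []
    if TIME_BASED.search(search):
        hits.append("time-based")
    if BOOLEAN_BASED.search(search):
        hits.append("boolean-based")
    return hits

def scan(lines):
    """Return (client_ip, techniques, decoded_search) for suspicious product/search requests."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes values, so encoded payloads are matched in clear form.
        query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
        if "product/search" not in query.get("route", []):
            continue  # only the endpoint named in the advisory
        for value in query.get("search", []):
            hits = classify(value)
            if hits:
                findings.append((m["ip"], hits, value))
    return findings

if __name__ == "__main__":
    for ip, hits, value in scan(SAMPLE_LOG):
        print(f"{ip} {','.join(hits)} search={value!r}")
```

The patterns are heuristics: a match is a lead for review rather than proof of exploitation, and payloads sent in a POST body do not appear in the access log URL.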

Added: Mar 25, 2026, 4:48 PM
Updated: Mar 25, 2026, 4:48 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.