TMD Custom Header Menu OpenCart Module SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the TMD Custom Header Menu OpenCart module, version 4.0.0.1. This vulnerability exists in the admin index.php file, where the headermenu_id parameter is improperly processed, allowing authenticated attackers to manipulate SQL queries. Exploitation of this vulnerability could lead to unauthorized access to database contents, including admin session details, Personally Identifiable Information (PII), and payment information. The vulnerability requires a valid session cookie and user_token for exploitation.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to access and manipulate database information. This could include exfiltrating admin credentials and any stored PII or payment details.

Reproduction

To reproduce this vulnerability, an authenticated user must send a request to the admin index.php file with the headermenu_id parameter manipulated to include SQL injection payloads. This can be done using tools like sqlmap or through manual exploitation methods, such as crafting a request that exploits the SQL injection vulnerability by extracting data from the database.

Remediation

Users are advised to upgrade to the latest version of the TMD Custom Header Menu OpenCart module. The fixed version is available in the OpenCart marketplace.