Dreamvention Live Ajax Search OpenCart Module SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in the Dreamvention Live Ajax Search OpenCart module, free versions through 1.0.6. The issue resides in the 'searchresults/search' function, where the 'keyword' parameter can be manipulated to execute arbitrary SQL commands. This allows remote, unauthenticated attackers to access and exfiltrate all database content, including admin session details, credentials, and any Personally Identifiable Information (PII) or payment details stored in the database.
Impact
An attacker who exploits this vulnerability can manipulate database queries to access, modify, or delete database information. In this case, it could lead to unauthorized access to admin credentials and session details, potentially allowing for further exploitation of the application.
Reproduction
The vulnerability can be reproduced by sending a crafted GET request to the 'index.php' file with the 'route' parameter set to 'extension/live_search/module/live_search.searchresults' and the 'keyword' parameter containing the SQL injection payload. This can be done using tools like curl or sqlmap. The flaw is an error-based SQL injection, in which database information can be extracted by manipulating the SQL query processing.
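For defenders, the request shape described above can be hunted in web server access logs. The following Python is an added example, not code from the advisory or from the module's vendor; it assumes Apache/nginx combined log format, and the log lines, IP addresses, and pattern list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route named in the Reproduction section of this advisory.
VULN_ROUTE = "extension/live_search/module/live_search.searchresults"

# Heuristic indicators of SQL syntax in a search keyword (assumed list; tune locally).
SQLI_PATTERN = re.compile(
    r"""('|")\s*(or|and)\b      # quote followed by a boolean operator
      | \bunion\b.+\bselect\b   # UNION ... SELECT
      | \b(extractvalue|updatexml|sleep|benchmark)\s*\(  # functions seen in error/time-based probes
      | (--\s|/\*)              # SQL comment markers
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?route=extension/live_search/module/live_search.searchresults&keyword=phone HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?route=extension/live_search/module/live_search.searchresults&keyword=a%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php?route=extension/live_search/module/live_search.searchresults&keyword=a%27%20AND%20EXTRACTVALUE%281%2C1%29 HTTP/1.1" 500 90',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?route=product/search&search=o%27neil HTTP/1.1" 200 300',
]

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_keyword) for hits on the vulnerable route
    whose keyword parameter contains SQL-like syntax."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, _method, target, _status = m.groups()
        # parse_qs percent-decodes values, so encoded payloads are matched too.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if VULN_ROUTE not in query.get("route", []):
            continue
        for keyword in query.get("keyword", []):
            if SQLI_PATTERN.search(keyword):
                hits.append((ip, keyword))
    return hits

if __name__ == "__main__":
    for ip, keyword in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{keyword!r}")
```

Any hit against a store running an affected version warrants reviewing that client's other requests and the responses it received, since the module requires no authentication.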
