Description
Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the option=com_jcart&route=product/product parameters and malicious product_id values to extract sensitive database information.
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Credits
Ihsan Sencan
References
www.exploit-db.com/exploits/41642 (ExploitDB-41642)
soft-php.com (Official Product Homepage)
www.vulncheck.com/...ponent-jcart-for-opencart-sql-injection (VulnCheck Advisory: Joomla! Component jCart for OpenCart 2.0 SQL Injection)