CVE-2024-21514

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jun 22, 2024

Updated: Jun 24, 2024

CWE ID 89

Summary

CVE-2024-21514 is a new SQL Injection vulnerability that affects versions of the OpenCart package, specifically the Divido payment extension, starting from 0.0.0. This issue is present even when the extension is not enabled. An anonymous attacker can exploit this vulnerability to gain unauthorized access to the backend database of a vulnerable OpenCart site, potentially exposing customer Personally Identifiable Information (PII) data. The Divido payment module, which comes pre-installed with OpenCart version 3.0.3.9, is the source of this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenCart

Affected Vendors

Opencart

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wlsFs-
https://www.cve.org/CVERecord?id=CVE-2024-21514
https://nvd.nist.gov/vuln/detail/CVE-2024-21514

Back to Vulnerability Database