Threat Actor: Unknown | Unknown
Victim: OpenCart | OpenCart
Price: Not mentioned
Exfiltrated Data Type: Not mentioned
Additional Information:
- The threat actor claims to have identified two critical 0-day vulnerabilities in the most recent version of OpenCart.
- The vulnerabilities include an SQL injection flaw and a broken access control issue.
- The SQL injection vulnerability is located in the admin panel.
- The broken access control vulnerability allows any user, including unregistered ones, to download backups.
- The threat actor mentions two other vulnerabilities but couldn’t verify the code issues with those.
- The threat actor has shared a video and encourages questions through PMs and comments.
- No price is mentioned in the post, and no escrow is requested for any transaction.
In a post from a dark web forum, a threat actor has claimed to have identified two critical 0-day vulnerabilities in the most recent version of OpenCart, a popular online store management system.
The vulnerabilities stated by the threat actor include an SQL injection flaw and a broken access control issue. The SQL injection vulnerability is reportedly located in the admin panel. The second vulnerability, broken access control, permits any user, even those unregistered ones, to download backups.
The post owner also mentions two other vulnerabilities in the message, but it is stated that the threat actor couldn’t verify the code issues with those.
The user has shared a video and invited those with questions to PMs and comments. The threat actor does not mention any price in the post or request an escrow for any transaction.
Original Source: https://dailydarkweb.net/alleged-0-day-exploits-for-opencart/