漏洞描述
OpenCart Newsletter Custom Popup模块是一个用于时事通讯订阅的模块。在Opencart Newsletter CustomPopup 4.0模块extension/module/so_newletter_custom_popup/newsletter接口由于过滤不当导致存在SQL注入漏洞。
OpenCart So Newsletter Custom Popup 4.0 模块 email 参数 SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- 孚盟云CRM /m/Dingding/Ajax/AjaxCustomizeReport.ashx SQL 注入漏洞
- 东胜物流软件 UpdateCustomMainfast XXE漏洞
- CNVD-2019-16798: Coremail Information Disclosure
- CVE-2019-19985: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
- coremail-manager-password-disclosure: Coremail 邮件系统未授权访问获取管理员账密
- WordPress Plugin email-subscribers /wp-admin/admin-post.php advanced_filter SQL 注入漏洞(CVE-2024-2876)
- POC 快普整合管理平台 GetCustomerList SQL注入漏洞
- POC CVE-2011-1669: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
- POC CVE-2011-5106: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
- POC CVE-2017-18493: Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting
- POC CVE-2017-18494: Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting
- POC CVE-2018-11231: Opencart Divido - Sql Injection
- POC CVE-2019-14789: Custom 404 Pro < 3.2.8 - Cross-Site Scripting