Opencart · Opencart · CVE-2016-10509
**Name of the Vulnerable Software and Affected Versions**
OpenCart versions prior to 2.3.0.0
**Description**
The issue allows remote authenticated administrators to execute arbitrary SQL commands via the `carrier` (also known as `courier id`) parameter to the "openbay.php" endpoint.
**Recommendations**
For versions prior to 2.3.0.0, update to version 2.3.0.0 or later to resolve the issue.