PT-2022-25844 · Opencart · Opencart

Published: 2022-10-12 · Updated: 2025-05-15 · CVE-2022-41403

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenCart versions 3.x

Description

A SQL injection issue was found in the Newsletter Custom Popup module of OpenCart. The vulnerability can be exploited via the email parameter at the "index.php?route=extension/module/so_newletter_custom_popup/newsletter" endpoint.

Recommendations

For OpenCart version 3.x, as a temporary workaround, consider restricting access to the vulnerable module until a patch is available. Avoid using the email parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-41403

Affected Products

Opencart