CVE-2020-20491

Name of the Vulnerable Software and Affected Versions OpenCart versions 2.2.00 through 3.0.3.2

Description The issue allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. This is a SQL injection vulnerability.

Recommendations For OpenCart versions 2.2.00 through 3.0.3.2, consider disabling the Fba plugin function in upload/admin/index.php as a temporary workaround until a patch is available. Restrict access to the upload/admin/index.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.