PT-2025-3971 · Unknown+1 · Shiprocket Module 3+1

Mcdruid · Published 2025-01-19 · Updated 2025-01-20 · CVE-2025-0580

CVSS v2.0: 5.1 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

The Shiprocket Module 3 on OpenCart is affected by a critical issue: manipulating the contentHash argument in the REST API Module leads to incorrect authorization. The vulnerable component is the REST API Module, specifically the file /index.php?route=extension/module/rest_api&action=getOrders. The vulnerable versions are not specified. The attack can be launched remotely, although its complexity is rather high and exploitation is known to be difficult. The exploit has been publicly disclosed and may be used.

Exploit

Fix

Incorrect Authorization

Improper Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-0580

Affected Products: Opencart, Shiprocket Module 3