Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

E-Commerce

Opencart

OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce solution for Internet merchants with the ability to create their own online business and participate in e-commerce at a minimal cost. OpenCart is designed feature rich easy to use search engine friendly and with a visually appealing interface.

Official Site:

https://www.opencart.com/

Severity Summary:

Critical: 2 High: 10 Medium: 19 Low: 1
Reference
Title
Severity
CVE-2014-3990
Opencart Improper Restriction of XML External Entity Reference Vulnerability
Critical
CVE-2023-40834
Opencart Improper Restriction of Excessive Authentication Attempts Vulnerability
Critical
CVE-2023-2315
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-47444
Opencart Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2009-1027
Opencart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-21514
Opencart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2010-0956
Opencart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-20491
Opencart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-21518
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2024-21519
Opencart Vulnerability
High
CVE-2018-11494
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2018-13067
Opencart Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-21517
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-21516
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-21515
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-1749
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-1748
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-1747
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-13980
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-1891
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2021-37823
Opencart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2020-10596
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-1621
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2010-1610
Opencart Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2011-3763
Opencart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2015-4671
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-29470
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-29471
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-11495
Opencart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2019-15081
Opencart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium