CVE-2018-11231
published 2018-05-23

CVE-2018-11231: In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.

Priority: P259high
CVSS 3.0: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 9.05% (94.6th percentile)

Detection & IOCs (extracted from sources)

url: /upload/index.php?route=extension/payment/divido/update
command: {"metadata":{"order_id":"1 and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)"},"status":2}
  • Detect POST requests to the Divido payment update endpoint whose JSON body carries an updatexml error-based SQL injection payload in the order_id field.
  • Treat the strings 'updatexml', 'concat' and 'SELECT' appearing together inside a JSON POST body aimed at the order_id metadata field as a sign of active exploitation.
  • A successful exploitation response contains the MD5 hash of the injected numeric value (e.g., md5(999999999)) in the HTTP response body, returned with a 200 status code.
  • The SQL injection is triggered via a POST request with a JSON body; ensure WAF/IDS rules inspect POST bodies with content-type application/json for the targeted endpoint.
  • The vulnerability is rated high complexity (AC:H) per CVSS, but has a very high EPSS score (0.76075, 98.9th percentile), indicating a high likelihood of exploitation in the wild.
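The detection notes above describe two checks: flag a POST to the Divido update route whose JSON order_id carries the updatexml/concat/SELECT markers, and confirm success when the response echoes the MD5 hash the injected md5(N) call would produce. The following script, written here as an added example and not taken from cvebase or the Divido plugin, implements both over a few constructed request/response records (the record layout, the `scan` function and the simulated MySQL error text are assumptions; the endpoint path and payload string are the ones on the page).

```python
import hashlib
import json
import re
from typing import List, Optional, Tuple

# Endpoint named in the IOC list above.
DIVIDO_UPDATE_ROUTE = "extension/payment/divido/update"

# Markers of the error-based injection described in the detection notes
# (matched case-insensitively; all three must be present).
INJECTION_MARKERS = ("updatexml", "concat", "select")

# md5(<digits>) inside the payload; used to predict the hash a successful
# injection would leak into the response.
MD5_CALL_RE = re.compile(r"md5\((\d+)\)", re.IGNORECASE)


def extract_order_id(body: str) -> Optional[str]:
    """Return metadata.order_id from a JSON body, or None if absent/unparseable."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return None
    if not isinstance(doc, dict):
        return None
    metadata = doc.get("metadata")
    if not isinstance(metadata, dict):
        return None
    order_id = metadata.get("order_id")
    return None if order_id is None else str(order_id)


def is_suspicious_request(method: str, path: str, content_type: str, body: str) -> bool:
    """True for a JSON POST to the Divido update route whose order_id is not a
    plain integer and contains all of the updatexml/concat/SELECT markers."""
    if method.upper() != "POST":
        return False
    if DIVIDO_UPDATE_ROUTE not in path:
        return False
    if "application/json" not in content_type.lower():
        return False
    order_id = extract_order_id(body)
    if order_id is None or order_id.strip().isdigit():
        return False  # a bare integer is the legitimate shape of order_id
    lowered = order_id.lower()
    return all(marker in lowered for marker in INJECTION_MARKERS)


def exploitation_succeeded(order_id: str, status: int, response_body: str) -> bool:
    """True when a 200 response contains the MD5 hash that the injected
    md5(N) call would yield, i.e. the database evaluated attacker-controlled SQL."""
    if status != 200:
        return False
    m = MD5_CALL_RE.search(order_id)
    if not m:
        return False
    expected = hashlib.md5(m.group(1).encode()).hexdigest()
    return expected in response_body.lower()


def scan(records: List[dict]) -> List[Tuple[bool, bool]]:
    """Return (suspicious, succeeded) per record; succeeded is only evaluated
    for requests that were flagged as suspicious."""
    findings = []
    for rec in records:
        suspicious = is_suspicious_request(
            rec["method"], rec["path"], rec["content_type"], rec["body"]
        )
        succeeded = False
        if suspicious:
            succeeded = exploitation_succeeded(
                extract_order_id(rec["body"]) or "", rec["status"], rec["response"]
            )
        findings.append((suspicious, succeeded))
    return findings


# Constructed sample records (hypothetical log layout). The first body is the
# payload listed on the page; the response text simulates MySQL's XPATH error
# leaking the hash between the 0x7e tilde delimiters.
ROUTE_PATH = "/upload/index.php?route=" + DIVIDO_UPDATE_ROUTE
PAYLOAD_BODY = ('{"metadata":{"order_id":"1 and updatexml(1,concat(0x7e,'
                '(SELECT md5(999999999)),0x7e),1)"},"status":2}')
BENIGN_BODY = '{"metadata":{"order_id":"1042"},"status":2}'
LEAK_RESPONSE = "XPATH syntax error: '~" + hashlib.md5(b"999999999").hexdigest() + "~'"

SAMPLE_RECORDS = [
    {"method": "POST", "path": ROUTE_PATH, "content_type": "application/json",
     "body": PAYLOAD_BODY, "status": 200, "response": LEAK_RESPONSE},
    {"method": "POST", "path": ROUTE_PATH, "content_type": "application/json",
     "body": BENIGN_BODY, "status": 200, "response": '{"ok":true}'},
    {"method": "POST", "path": ROUTE_PATH, "content_type": "application/json",
     "body": PAYLOAD_BODY, "status": 500, "response": "Internal Server Error"},
]

if __name__ == "__main__":
    for rec, (suspicious, succeeded) in zip(SAMPLE_RECORDS, scan(SAMPLE_RECORDS)):
        print(rec["status"], "suspicious" if suspicious else "benign",
              "| data leaked" if succeeded else "")
```

Requiring all three markers rather than any one keeps the rule quiet on ordinary order payloads, while the response-side hash check separates blocked attempts from requests the database actually executed, which is the distinction an incident responder needs when triaging hits.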

CVSS provenance

NVD, CVSS v3.0: 8.1 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v2.0: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)