cbcvebase.
CVE-2020-15478
published 2020-07-01

CVE-2020-15478: The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.

Priority: P355 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 4.69% (90.6th percentile)

Affected

1 range

Vendor          Product   Version range   Fixed in
journal-theme   journal   < 3.1.0         3.1.0

Detection & IOCs (extracted from sources)

  • Detect responses from OpenCart Journal theme endpoints that contain SQL error messages, database details, or internal filesystem paths, indicating sensitive data exposure.
  • Flag requests where the 'page' GET parameter is a non-integer string on Journal theme blog routes, as the vulnerable code path is: $page = (int)Arr::get($this->request->get, 'page', 1);
  • Vulnerability affects Journal theme version 3.0.46 and below; version 3.1.0 contains the fix. Ensure detection rules are scoped to sites running vulnerable versions.
  • The sensitive data exposed can include passwords, session tokens, credit card data, and private health data; scope incident response accordingly if exploitation is detected.
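The first two detection points above can be expressed as a log and response check. This is an added example, not code from the advisory or from the Journal theme; the route marker `journal3/blog`, the error signatures and the sample log lines and response body are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: substring that identifies Journal blog routes; adjust per site.
BLOG_ROUTE_MARKER = "journal3/blog"
# Assumption: generic MySQL/PHP error signatures, not quoted from the advisory.
ERROR_SIGNS = re.compile(
    r"You have an error in your SQL syntax|Error No: \d+|"
    r"in /\S+\.php on line \d+", re.I)
# Combined Log Format: client, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def suspicious_page_param(url):
    """True if a blog-route request carries a non-integer 'page' value."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    route = " ".join(query.get("route", [])) + parts.path
    if BLOG_ROUTE_MARKER not in route:
        return False
    # Anything other than plain digits (including an empty value) is flagged.
    return any(not re.fullmatch(r"\d+", v) for v in query.get("page", []))

def body_leaks_error(body):
    """True if a response body contains SQL error text or a PHP file path."""
    return ERROR_SIGNS.search(body) is not None

def scan_access_log(lines):
    """Return (client, url, status) for every flagged GET request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2) == "GET" and suspicious_page_param(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

# Constructed sample data (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jul/2020:10:00:00 +0000] '
    '"GET /index.php?route=journal3/blog&page=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2020:10:00:05 +0000] '
    '"GET /index.php?route=journal3/blog&page=abc HTTP/1.1" 200 812',
    '198.51.100.4 - - [01/Jul/2020:10:00:09 +0000] '
    '"GET /index.php?route=product/category&page=abc HTTP/1.1" 200 4000',
]
SAMPLE_BODY = ("Error: You have an error in your SQL syntax<br />"
               "Error No: 1064 in /var/www/html/system/db.php on line 40")

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("flagged:", hit)
    print("body leaks error:", body_leaks_error(SAMPLE_BODY))
```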

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd      v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:N