CVE-2020-15478
Published 2020-07-01

CVE-2020-15478: The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Priority: P3 · 55 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 4.69% (90.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| journal-theme | journal | < 3.1.0 | 3.1.0 |
Detection & IOCs
- Detect responses from OpenCart Journal theme endpoints that contain SQL error messages, database details, or internal filesystem paths, indicating sensitive data exposure.
- Flag requests where the `page` GET parameter is a non-integer string on Journal theme blog routes, as the vulnerable code path is: `$page = (int)Arr::get($this->request->get, 'page', 1);`
- Vulnerability affects Journal theme version 3.0.46 and below; version 3.1.0 contains the fix. Ensure detection rules are scoped to sites running vulnerable versions.
- The sensitive data exposed can include passwords, session tokens, credit card data, and private health data; scope incident response accordingly if exploitation is detected.
CVSS provenance
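| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |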
- https://docs.journal-theme.com/changelog
- https://www.getastra.com/blog/911/plugin-exploit/sql-errors-data-exposure-in-journal-opencart-theme/
- https://www.jinsonvarghese.com/sensitive-data-exposure-in-journal-theme/
Published: 2020-07-01