CVE-2024-58341: OpenCart Core 4.0.2.3 SQL Injection via search Parameter
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques.
Security readout for executives and security teams
Plain-English summary
This is a high-risk SQL injection in OpenCart Core search functionality. An unauthenticated internet user may influence database queries through the public product search parameter, potentially exposing sensitive database contents. Public storefronts on affected versions should be treated as urgent until version status and vendor remediation are confirmed.
Executive priority
Prioritize within the current remediation cycle for any exposed OpenCart store. The issue is unauthenticated, public-facing, and tied to database confidentiality, but the provided evidence does not show confirmed active exploitation.
Technical view
CVE-2024-58341 is CWE-89 SQL injection in OpenCart Core. The source bundle identifies unauthenticated GET access to the product search endpoint via the search parameter, with boolean-based blind or time-based blind techniques. Affected versions listed are 4.0.2.3 and 4.1.0.0. CVSS v4.0 score is 8.8.
Likely exposure
Exposure is most likely on internet-facing OpenCart storefronts running 4.0.2.3 or 4.1.0.0 with public product search enabled. The bundle does not identify affected hosted services, forks, plugins, or downstream distributions.
Exploitation context
The source bundle references ExploitDB, so public exploit information exists. However, KEV is false, and the provided sources do not establish active exploitation in the wild. Treat exploitability as credible, but do not assume observed compromise without local evidence.
Researcher notes
Key evidence gaps are the exact fixed version, vendor advisory detail, and exploitation telemetry. Use CVE, VulnCheck, ExploitDB, and OpenCart release references for tracking, but avoid assuming a patch level beyond what vendor release notes confirm.
Mitigation direction
Inventory OpenCart storefronts and confirm exact Core versions.
Follow OpenCart release or vendor guidance for a fixed supported version.
Prioritize remediation for internet-facing stores with public search enabled.
Increase monitoring of product search requests until remediation is complete.
Review vendor advisories before applying temporary controls or workarounds.
Validation and detection
Confirm whether production runs OpenCart Core 4.0.2.3 or 4.1.0.0.
Verify public access to the product search endpoint.
Review web and application logs for abnormal search parameter activity.
After updating, run safe regression tests against product search behavior.
Confirm no unexpected database errors appear during normal search usage.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-89: Database access and collection lookup
Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-89 · source CWE mapping
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.