CVE-2021-37823: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

November 3, 2022 (updated December 3, 2022)

OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.

References

medium.com/%40nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e
nvd.nist.gov/vuln/detail/CVE-2021-37823

Detect and mitigate CVE-2021-37823 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →