CVE-2020-20491: SQL Injection vulnerability found in fba extension · Issue #7612 · opencart/opencart
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
What version of OpenCart are you reporting this for?
2.2.0.0 ~ 3.0.3.2
Describe the bug
A SQL injection caused by inappropriate user input filtering.
What section does it affect?
openbay-fba extension
To Reproduce
Steps to reproduce the behavior:
- Log in as administrator
- Install “OpenBay Pro” extension
- Enable “Fulfillment by Amazon” (Fba) plugin
- Visit upload/admin/index.php?route=extension/openbay/fba/orderList&user_token=your_token&filter_start=1%27%20and%20updatexml(1,concat(0x7e,(select%20user()),1),0x7e)--%20
(ps: Replace the user_token parameter with your own.)
Expected behavior
'select user()' will be executed and its result will be returned
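
Detection logic for the request described in this report, as an added example that is not part of the original issue or of OpenCart's code: it scans web-server access-log lines for the reported route and flags any `filter_start` value that is not a plain date. The combined log format, the YYYY-MM-DD expectation for `filter_start`, and the function names are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

ROUTE = "extension/openbay/fba/orderList"  # route named in the report
# Assumption: a legitimate filter_start is empty or a YYYY-MM-DD date.
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
# Request target inside a combined-log-format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /admin/index.php?'
    'route=extension/openbay/fba/orderList&user_token=x&filter_start=2020-01-01'
    ' HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2020:10:02:11 +0000] "GET /admin/index.php?'
    'route=extension/openbay/fba/orderList&user_token=x&filter_start=1%27%20and'
    '%20updatexml(1,concat(0x7e,(select%20user()),1),0x7e)--%20 HTTP/1.1" 200 812',
    '203.0.113.5 - - [01/Jan/2020:10:03:40 +0000] "GET /admin/index.php?'
    'route=catalog/product&user_token=x&filter_start=abc HTTP/1.1" 200 9001',
]


def suspicious_filter_start(line):
    """Return the decoded filter_start if the line hits ROUTE with a non-date value."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query)  # percent-decodes once
    if ROUTE not in query.get("route", []):
        return None
    for value in query.get("filter_start", []):
        if value and not DATE_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_value) for every flagged line."""
    checked = ((line.split(" ", 1)[0], suspicious_filter_start(line)) for line in lines)
    return [(ip, value) for ip, value in checked if value is not None]


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, repr(value))
```

Access logs record only the query string, so parameters sent in a POST body are not visible to this check. The same allowlist test on `filter_start` belongs in the application, before the value reaches the SQL query.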