Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2666 articles · 174691 vulns · 37/41 feeds (7d)
← Back to list
8.2
CVE-2017-20282EXPLOITED
joomla · jcart

Joomla! Component jCart for OpenCart 2.0 SQL Injection

Description

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the option=com_jcart&route=product/product parameters and malicious product_id values to extract sensitive database information.

Affected Products

VendorProductVersions
joomlajcart2.0

References

  • https://www.exploit-db.com/exploits/41642(exploit)
  • http://soft-php.com(product)
  • https://www.vulncheck.com/advisories/joomla-component-jcart-for-opencart-sql-injection(third-party-advisory)

Related News (1 articles)

Tier C
VulDB23d ago
CVE-2017-20282 | Soft-Php jCart for OpenCart 2.0 on OpenCart GET Request index.php product_id sql injection (Exploit 41642 / EDB-41642)
→ No new info (linked only)
CVSS 3.18.2 NONE
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-89
PublishedJun 19, 2026
Last enriched23d agov2
Trending Score2
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-48939EXPKEV
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
Trending: 129
NONECVE-2026-48950EXP
Joomla! Core - [20260704] - XSS in com_templates
Trending: 28
NONECVE-2026-48952EXP
Joomla! Core - [20260706] - XSS in com_installer
Trending: 26
NONECVE-2019-25748EXP
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
Trending: 2
NONECVE-2017-20273EXP
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection
Trending: 2

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 19, 2026
Discovered by ZDM
Jun 19, 2026
Updated: description, severity, exploitAvailable, activelyExploited
Jun 19, 2026
Actively Exploited
Jun 22, 2026
Exploit Available
Jun 22, 2026

Version History

v2
Last enriched 23d ago
v2Tier C23d ago

Updated severity to CRITICAL, added that an exploit is available, and provided a more detailed description of the vulnerability.

descriptionseverityexploitAvailableactivelyExploited
via VulDB
v123d ago

Initial creation