Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the option=com_jcart&route=product/product parameters and malicious product_id values to extract sensitive database information.
| Vendor | Product | Versions |
|---|---|---|
| joomla | jcart | 2.0 |
Updated severity to CRITICAL, added that an exploit is available, and provided a more detailed description of the vulnerability.
Initial creation