CVE-2024-21514

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Jun 22, 2024
Updated: Jun 24, 2024
CWE ID 89

Summary

CVE-2024-21514 is an SQL injection vulnerability that affects the Divido payment extension for OpenCart versions 3.0.3.9 and below. This vulnerability allows anonymous unauthenticated users to exploit SQL injection and gain unauthorized access to the backend database, potentially compromising customer Personally Identifiable Information (PII). The vulnerability exists regardless of whether the Divido payment module is enabled or not. To remediate this issue, users are advised to update their OpenCart installation to a version that includes a fix for this vulnerability. The potential danger of this vulnerability is that it enables attackers to extract sensitive data from the OpenCart database, leading to potential privacy breaches and financial loss for affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-21514 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions