Create OpenCart_So_Newsletter_Custom_Popup_4.0_module_email_parameter_SQL_injection_vulnerability.md

2025-06-20 01:40:20 +00:00 · 2023-04-13 15:44:25 +08:00 · 2023-04-13 15:44:25 +08:00 · 5c4503efd2
commit 5c4503efd2
parent 7225c2bdfb
1 changed files with 12 additions and 0 deletions
--- a/OpenCart_So_Newsletter_Custom_Popup_4.0_module_email_parameter_SQL_injection_vulnerability.md
+++ b/OpenCart_So_Newsletter_Custom_Popup_4.0_module_email_parameter_SQL_injection_vulnerability.md
@ -0,0 +1,12 @@
+## OpenCart So Newsletter Custom Popup 4.0 module email parameter SQL injection vulnerability
+
+|   **Vulnerability**  | **OpenCart So Newsletter Custom Popup 4.0 module email parameter SQL injection vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | OpenCart So Newsletter Custom Popup 4.0 模块 email 参数 SQL 注入漏洞 |
+| **CVSS core**  | 7.5 |
+| **FOFA Query**  (click to view the results directly)| [body="extension/module/so_newletter_custom_popup/newsletter"](https://en.fofa.info/result?qbase64=Ym9keT0iZXh0ZW5zaW9uL21vZHVsZS9zb19uZXdsZXR0ZXJfY3VzdG9tX3BvcHVwL25ld3NsZXR0ZXIi) |
+| **Number of assets affected**  | 4474 |
+| **Description**  | The OpenCart Newsletter Custom Popup module is a module for newsletter subscriptions. There is a SQL injection vulnerability in the email parameter of the extension/module/so_newletter_custom_popup/newsletter interface of the Opencart Newsletter Custom Popup 4.0 module due to improper filtering. |
+| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |
+
+![](https://s3.bmp.ovh/imgs/2023/04/12/0092879ad5b9054b.gif)