Back to Codebase

Vulnerability Analysis Report

OpenCart Core v4.1.0.0

Scan ID: SCAN-OPENCART-CORE-e2XrMW • Hash: d707329b

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.004s

Vulnerability Details

L185

Potential SQL Injection in filter_group.php

CWE-89
File Location: upload/admin/model/catalog/filter_group.php:185
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "filter_group`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L252

Potential SQL Injection in information.php

CWE-89
File Location: upload/admin/model/catalog/information.php:252
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "information`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L254

Potential SQL Injection in topic.php

CWE-89
File Location: upload/admin/model/cms/topic.php:254
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "topic`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L316

Potential SQL Injection in subscription_plan.php

CWE-89
File Location: upload/admin/model/catalog/subscription_plan.php:316
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "subscription_plan`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L175

Potential SQL Injection in attribute_group.php

CWE-89
File Location: upload/admin/model/catalog/attribute_group.php:175
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "attribute_group`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");