CVE-2025-0579 | Shiprocket Module 3/4 on OpenCart REST API Module restapi x-username sql injection

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-username leads to sql injection.

This vulnerability is known as CVE-2025-0579. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0579 | Shiprocket Module 3/4 on OpenCart REST API Module restapi x-username sql injection

Post correlati

CVE-2024-32754 | Johnson Controls Kantech KT400 Door Controller Rev01 Factory Reset Mode information disclosure (icsa-24-184-01)

CVE-2024-38011 | Microsoft Windows up to Server 2022 23H2 Secure Boot length parameter

CVE-2024-35778 | John West Slideshow SE Plugin up to 2.5.17 on WordPress path traversal

CVE-2024-48941 | Syracom Secure Login Plugin up to 3.1.4.5 on Jira /rest access control