CVE-2025-0580 | Shiprocket Module 3 on OpenCart REST API Module rest_api&action=getOrders contentHash authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization.

This vulnerability is handled as CVE-2025-0580. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0580 | Shiprocket Module 3 on OpenCart REST API Module rest_api&action=getOrders contentHash authorization

Post correlati

CVE-2023-52265 | IDURAR up to 2.0.1 PATCH Request /api/email/update cross site scripting

CVE-2023-52428 | Connect2id Nimbus JOSE+JWT up to 9.37.1 JWE p2c Header resource consumption (Issue 526)

CVE-2024-40536 | Shenzhen Libituo Technology LBT-T300-T400 3.2 config_3g_para pin_3g_code stack-based overflow

VDB-254693 | Backdoor.Win32.Armageddon.r Service Port 5859 Password hard-coded password