Plugin Exploit

SQL Errors resulting in Sensitive Data Exposure in Journal OpenCart Theme < 3.1.0 - Update immediately

Updated on: July 30, 2020

SQL Errors resulting in Sensitive Data Exposure in Journal OpenCart Theme < 3.1.0 - Update immediately

During the audit on an OpenCart website using the popular Journal theme, we were able to find that a particular endpoint is vulnerable to Sensitive Data Exposure through SQL errors. Journal version 3.1.0 fixing the issue was released on July 1, 2020.

CVE ID: CVE-2020-15478

Summary

Journal, the best selling OpenCart theme used in over 25K websites, was found to expose sensitive information and be potentially vulnerable to more attacks such as SQL Injection.

Sensitive Data Exposure, an OWASP Top 10 vulnerability, occurs when an application fails to adequately secure sensitive data. The information exposed can include passwords, session tokens, credit card data, private health data, and more.

Vulnerability

More details on the vulnerability will be added on July 15th so that theme users will have enough time to update to the latest version.

Update with technical details:

Due to the way the “page” parameter is typecast as an integer in /catalog/controller/journal3/blog.php, if someone enters a string, this results in a detailed error message showing SQL error, database details, and internal path.

Such information can help an attacker better prepare their attacks. We see that $page is type casted to an integer using $page = (int)Arr::get($this->request->get, 'page', 1); in the mentioned file.

Timeline

Vulnerability reported to the Journal team on June 11, 2020.
Version 3.1.0 containing the fix to the vulnerability was released on July 1, 2020.

Recommendation

  • It is highly recommended to update the theme to the latest version.
  • You can also add the following code after the line $page = (int)Arr::get($this->request->get, 'page', 1); in /catalog/controller/journal3/blog.php:
if ($page == 0)
	{
	    $page=1;
	}

Reference

Was this post helpful?

Tags: , , , , , , , , ,

Jinson Varghese

Jinson Varghese Behanan is an Information Security Analyst at Astra. Passionate about Cybersecurity from a young age, Jinson completed his Bachelor's degree in Computer Security from Northumbria University. When he isn’t glued to a computer screen, he spends his time reading InfoSec materials, playing basketball, learning French and traveling. You can follow him on Medium or visit his Website for more stories about the various Security Audits he does and the crazy vulnerabilities he finds.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany