Impact
The vulnerability is a classic SQL injection in the jCart component for OpenCart 2.0, triggered through the product_id GET parameter. An unauthenticated attacker can craft a request to index.php with option=com_jcart&route=product/product and inject arbitrary SQL, allowing extraction of sensitive database content. This flaw maps to CWE-89 and can compromise the confidentiality of stored data.
Affected Systems
The affected product is the jCart component developed by Soft‑Php for OpenCart 2.0. The vendor list includes Soft‑Php and the component name jCart for OpenCart. No specific patched versions were listed in the advisory; thus all installations of the component in OpenCart 2.0 that contain the vulnerable code are considered affected.
Risk and Exploitability
The CVSS score of 8.8 indicates a high severity. The exploitation does performed purely via a crafted GET request, making it easily automated. Though the EPSS score is not available and the vulnerability is not listed in CISA KEV, the compound of high Attackers can readily gain read access to database tables.
OpenCVE Enrichment