GCVE - cpe:2.3:a:n/a:shiprocket_module:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:shiprocket_module:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Shiprocket Module (`1d18ec36-e3b4-5ae0-8158-e33de71f910a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-0580`	vulnerable	2026-06-08 07:02:24.887764	Shiprocket Module REST API Module rest_api authorization MEDIUM (5.6) A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-01-20T02:31:05.900Z Updated: 2025-01-21T20:23:23.261Z Open on db.gcve.eu Reference links https://vuldb.com/?id.292598 https://vuldb.com/?ctiid.292598 https://vuldb.com/?submit.476832 https://gist.github.com/mcdruid/0d1fdbba445587639ee5da66e7abfcc9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0579`	vulnerable	2026-06-08 07:02:24.887182	Shiprocket Module REST API Module restapi sql injection HIGH (7.3) A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-01-20T02:31:04.543Z Updated: 2025-02-12T20:41:20.302Z Open on db.gcve.eu Reference links https://vuldb.com/?id.292597 https://vuldb.com/?ctiid.292597 https://vuldb.com/?submit.476831 https://gist.github.com/mcdruid/3c9fc9bd4e882cee21f8a37998f56fce	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.