Is there a public PoC exploit available for CVE-2024-58341?

Yes, a public proof-of-concept exploit is available for CVE-2024-58341. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2024-58341?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

CVE-2024-58341

Q: What is the CVSS score of CVE-2024-58341?

CVE-2024-58341 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2024-55504 HIGH

SQL Injection (CWE-89)

2026-03-25 VulnCheck

GHSA-rchp-2wh9-pwpw

SQLi

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Mar 27, 2026 - 19:24 vuln.today

Public exploit code

EUVD ID Assigned

Mar 25, 2026 - 16:16 euvd

EUVD-2024-55504

Analysis Generated

Mar 25, 2026 - 16:16 vuln.today

Patch released

Mar 25, 2026 - 16:16 nvd

Patch available

CVE Published

Mar 25, 2026 - 16:04 nvd

HIGH 8.8

DescriptionNVD

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques.

AnalysisAI

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques. Affected products include: Opencart Opencart Core.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2024-58341 vulnerability details – vuln.today

Back

CVE-2024-58341

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

CVE-2024-58341

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code