[opencart/opencart] OpenCart allows users on admin page to obtain database information or read server files through SQL injection

OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-37823
• https://medium.com/@nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e
• https://github.com/advisories/GHSA-236j-rfx5-wq38