CVE-2025-1117: CoinRemitter sql injection
First published: Sat Feb 08 2025(Updated: )
A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CoinRemitter | >=0.0.1<0.0.2 | |
| OpenCart |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1117?
CVE-2025-1117 is classified as a critical vulnerability.
What products are affected by CVE-2025-1117?
CVE-2025-1117 affects CoinRemitter versions 0.0.1 and 0.0.2 and is associated with OpenCart.
How does CVE-2025-1117 exploit the system?
CVE-2025-1117 allows for SQL injection attacks through manipulation of the coin argument.
Can CVE-2025-1117 be exploited remotely?
Yes, the exploit for CVE-2025-1117 can be initiated remotely.
How do I fix CVE-2025-1117?
To fix CVE-2025-1117, upgrade to the latest versions of CoinRemitter that contain a patch for this vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/type
- agent/source
- agent/references
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/coinremitter
- canonical/coinremitter
- vendor/opencart
- canonical/opencart