CVE-2020-15478
HIGH
Journal theme < 3.1.0 - Sensitive Data Exposure via SQL Error Messages
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-15478. PoCs published by Jinson Varghese Behanan.
AI-analyzed exploit summary
The exploit describes a sensitive data exposure vulnerability in OpenCart Theme Journal 3.0.46 and below, where improper typecasting of the 'page' parameter leads to detailed SQL error messages exposing database details and internal paths.
Description
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Exploits (1)
exploitdb
WRITEUP
by Jinson Varghese Behanan · text · webapps · php
https://www.exploit-db.com/exploits/49044
Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
OpenCart Theme Journal 3.0.46 and below
No auth needed
Prerequisites:
OpenCart with Journal theme version 3.0.46 or below
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://docs.journal-theme.com/changelog
Third Party Advisory x_refsource_misc
https://www.getastra.com/blog/911/plugin-exploit/sql-errors-data-exposure-in-journal-opencart-theme/
Third Party Advisory x_refsource_misc
https://www.jinsonvarghese.com/sensitive-data-exposure-in-journal-theme/
Scores
CVSS v3
7.5
EPSS
0.0469
EPSS Percentile
90.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (1)
journal-theme/journal
< 3.1.0
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026