CVE-2024-58341 is a critical SQL injection vulnerability identified in OpenCart Core version 4.0.2.3. The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89), specifically through the 'search' parameter in the product search functionality. An attacker can craft specially designed GET requests with malicious 'search' values that manipulate the underlying SQL queries executed by the application. This manipulation enables attackers to perform boolean-based blind or time-based blind SQL injection attacks, techniques that allow extraction of sensitive data from the backend database without direct error messages or visible output. The vulnerability requires no authentication or user interaction, making it highly exploitable remotely over the network. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality (VC:H) with low impact on integrity (VI:L) and no impact on availability (VA:N). The vulnerability affects only OpenCart Core version 4.0.2.3, and no patches or official fixes have been published at the time of disclosure. While no known exploits are reported in the wild, the vulnerability's characteristics suggest it could be leveraged to extract sensitive customer or business data, potentially leading to data breaches or further attacks.

The primary impact of CVE-2024-58341 is unauthorized disclosure of sensitive information stored in the OpenCart database, including potentially customer data, product details, and business intelligence. Successful exploitation can compromise confidentiality and partially affect data integrity by allowing attackers to manipulate database queries. Although availability is not directly impacted, the breach of sensitive data can lead to reputational damage, regulatory penalties, and loss of customer trust. Since the vulnerability requires no authentication and is remotely exploitable, attackers can target vulnerable e-commerce sites at scale. This poses a significant risk to organizations relying on OpenCart 4.0.2.3 for their online storefronts, especially those handling payment or personal data. The lack of known exploits currently provides a window for proactive mitigation, but the ease of exploitation and high impact score indicate a critical threat if left unaddressed.

Organizations should immediately upgrade OpenCart Core to a version where this vulnerability is patched once available. In the absence of an official patch, implement web application firewall (WAF) rules specifically designed to detect and block SQL injection attempts targeting the 'search' parameter. Input validation and sanitization should be enforced at the application level to reject or properly escape special SQL characters in user-supplied input. Employ parameterized queries or prepared statements in the codebase to prevent injection vectors. Monitor web server and database logs for unusual query patterns or repeated failed attempts indicative of blind SQL injection probing. Limit database user privileges to the minimum necessary to reduce potential damage from exploitation. Conduct regular security assessments and penetration testing focused on injection flaws. Finally, maintain an incident response plan to quickly address any suspected compromise.