Showing posts from February, 2021

[FIX] Opencart leak of database information on database connection error

Opencart has a serious leak of database information when there is a database connection error. The fix/workaround can be downloaded here.

Is it a problem?

With a simple script I got ~800.000 results, and I've been able to scrape more than ~30.000 (in hours, due to Google limitations) and dumped more than 500 complete databases (those without restrictions on remote connections). With access to the db several things can be done, even writing files, replacing information (e.g. malicious scripts, the PayPal account, etc.), getting more rights, etc. I just proved that it can be done and nothing else.

----------------------------

You can add the domain TLD to get more results from Google. I even found some important websites.

Something like this:

https://www.google.com/search?q=system\library\db.php(31):+DB\MySQLi->__construct(

I took the first results from my search (and replaced the passwords):

berardomacchine.com '89.46.111.189', 'Sql1428497', '####'
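The search string above matches a PHP stack-trace frame that prints the arguments passed to `DB\MySQLi->__construct(`, which are the connection parameters. One way to keep that frame out of the response, as an added example (not the fix linked in the post and not OpenCart's own code; `safe_connect()` and the connection values are hypothetical placeholders):

```php
<?php
// Added example, not OpenCart's code: safe_connect() and the connection
// values used at the bottom are hypothetical placeholders.
declare(strict_types=1);

// 1. Never render errors or traces to visitors; send them to the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// 2. Last line of defence: any uncaught exception yields a generic 503 page.
set_exception_handler(function (Throwable $e): void {
    // Log class, file and line only. The message and the trace can carry the
    // DB user, host and password, so neither is written to the response.
    error_log(sprintf('%s at %s:%d', get_class($e), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(503);
    }
    echo 'Service temporarily unavailable.';
});

// 3. Catch the connection failure where it happens instead of letting the
//    constructor's exception (and its argument list) bubble up.
function safe_connect(string $host, string $user, string $pass, string $db, int $port = 3306): ?mysqli
{
    // Make mysqli throw on failure so the catch block below always runs.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        return new mysqli($host, $user, $pass, $db, $port);
    } catch (mysqli_sql_exception $e) {
        error_log('DB connection failed, errno ' . $e->getCode());
        return null; // the caller decides what the visitor sees
    }
}

$link = safe_connect('db.example.internal', 'shop_user', 'placeholder-password', 'shop');
if ($link === null) {
    http_response_code(503);
    exit('Service temporarily unavailable.');
}
```

On PHP 7.4 and later, setting `zend.exception_ignore_args = On` in php.ini additionally keeps argument values out of every stack trace, including ones written to logs. Restricting the database account to connections from the web server's address limits what a leaked credential can be used for.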