CVE-2021-47923 – OpenCart

CVSS 9.8 CRITICAL

“A single cookie can hand over full account control.”

This patch addresses a critical session fixation vulnerability in OpenCart 3.0.3.8 that allows attackers to hijack user sessions by injecting malicious OCSESSID cookie values. The server improperly accepts attacker-controlled session identifiers, enabling unauthorized access to user accounts without authentication.

CVE-2021-47923 has a CVSS score of 9.8, which is Critical severity. Proof-of-concept exploitation has been confirmed, making this issue highly actionable for attackers. The vulnerability can be exploited remotely with no user interaction, exposing affected systems to immediate account takeover risks.
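As an added illustration (not OpenCart's own code and not part of this advisory), the simplified Python session model below shows why accepting a client-chosen session identifier is the defect described above, and which two server-side behaviours close it: refusing identifiers the server never issued, and rotating the identifier when the user logs in. `SessionStore` and `fixation_succeeds` are hypothetical names, and the cookie value is constructed.

```python
import secrets
from typing import Optional


class SessionStore:
    """Minimal model of server-side sessions keyed by an OCSESSID-style cookie.

    Assumed, simplified model for illustration; not OpenCart's session code.
    """

    def __init__(self, strict_ids: bool, rotate_on_login: bool) -> None:
        self.strict_ids = strict_ids            # reject ids this server never issued
        self.rotate_on_login = rotate_on_login  # issue a fresh id when auth state changes
        self.sessions: dict = {}

    def resolve(self, cookie_id: Optional[str]) -> str:
        """Map the request's cookie value to the session id the server will use."""
        if cookie_id and cookie_id in self.sessions:
            return cookie_id
        if cookie_id and not self.strict_ids:
            # Fixation-prone: adopt whatever id the client presents, so a value
            # planted in the victim's browser is known to the attacker in advance.
            self.sessions[cookie_id] = {}
            return cookie_id
        new_id = secrets.token_hex(16)  # unknown or missing id: issue a server-generated one
        self.sessions[new_id] = {}
        return new_id

    def login(self, sid: str, user: str) -> str:
        """Authenticate the session; returns the id the client must use from now on."""
        data = self.sessions[sid]
        data["user"] = user
        if not self.rotate_on_login:
            return sid
        del self.sessions[sid]
        new_id = secrets.token_hex(16)  # rotation: the pre-login id stops being valid
        self.sessions[new_id] = data
        return new_id


def fixation_succeeds(strict_ids: bool, rotate_on_login: bool) -> bool:
    """Replay the fixation pattern the advisory describes against one configuration.

    Returns True if an id chosen before login ends up bound to the victim's
    authenticated session, i.e. the configuration is vulnerable.
    """
    store = SessionStore(strict_ids, rotate_on_login)
    planted = "attacker_chosen_value"       # constructed cookie value
    victim_sid = store.resolve(planted)     # victim's browser sends the planted cookie
    store.login(victim_sid, "victim")       # victim authenticates normally
    later_sid = store.resolve(planted)      # the planted value is presented again later
    return store.sessions[later_sid].get("user") == "victim"
```

Only the configuration with neither defence returns True; either strict identifier validation or rotation on login alone is enough to break the pattern, and production code should do both.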

Key Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-290