CVE-2021-47923— OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47923
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用欺骗进行的认证绕过
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-47923
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47923
请登录查看更多情报信息。
- OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie | Advisories | VulnCheckthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-47923
Same Patch Batch · Opencart · 2026-05-10 · 3 CVEs total
| CVE-2021-47946 | 5.3 MEDIUM | OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery |
| CVE-2021-47953 | 4.3 MEDIUM | OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password |
IV. Related Vulnerabilities
Same product: opencart
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2026-5331
OpenCart Extension Installer installer.php path traversal - CVE-2026-3714
OpenCart Incomplete Fix CVE-2024-36694 template.php save spe - CVE-2025-15116
OpenCart Single-Use Coupon race condition
Same vendor: Opencart
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2024-58341
OpenCart Core 4.0.2.3 SQL Injection via search Parameter - CVE-2025-1749
HTML injection vulnerability in OpenCart - CVE-2025-1748
HTML injection vulnerability in OpenCart
Same weakness: CWE-290
- CVE-2026-42354
Sentry: Improper authentication on SAML SSO process allows u - CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-39858
Traefik: Forwarded alias spoofing top pre-auth decision bypa - CVE-2018-25317
Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness - CVE-2018-25318
Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Cha
V. Comments for CVE-2021-47923
No comments yet