CVE-2021-47953— OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47953
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and 'confirm' parameters to hijack accounts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenCart 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenCart是中国OpenCart团队的一套开源的电子商务系统。该系统提供产品评论、产品评分、产品添加等模块。 OpenCart 3.0.3.7版本存在跨站请求伪造漏洞,该漏洞源于account/password端点存在跨站请求伪造,可能导致攻击者通过发送特制请求更改用户密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-47953
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47953
请登录查看更多情报信息。
Same Patch Batch · Opencart · 2026-05-10 · 3 CVEs total
| CVE-2021-47923 | 9.8 CRITICAL | OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie |
| CVE-2021-47946 | 5.3 MEDIUM | OpenCart 3.0.3.6 Account Takeover via Cross Site Request Forgery |
IV. Related Vulnerabilities
Same product: OpenCart
- CVE-2021-47946
OpenCart 3.0.3.6 Account Takeover via Cross Site Request For - CVE-2021-47923
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie - CVE-2026-5331
OpenCart Extension Installer installer.php path traversal - CVE-2026-3714
OpenCart Incomplete Fix CVE-2024-36694 template.php save spe - CVE-2025-15116
OpenCart Single-Use Coupon race condition
Same vendor: Opencart
- CVE-2021-47946
OpenCart 3.0.3.6 Account Takeover via Cross Site Request For - CVE-2021-47923
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie - CVE-2024-58341
OpenCart Core 4.0.2.3 SQL Injection via search Parameter - CVE-2025-1749
HTML injection vulnerability in OpenCart - CVE-2025-1748
HTML injection vulnerability in OpenCart
Same weakness: CWE-352
- CVE-2026-8425
Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Setting - CVE-2026-28761
Musetheque V4CSRF漏洞 - CVE-2026-5365
LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'custome - CVE-2026-4527
Cross-Site Request Forgery (CSRF) in GitLab - CVE-2026-44364
misp-modules website - Missing CSRF protection in the websit
V. Comments for CVE-2021-47953
No comments yet