CVE-2021-47923— OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47923
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用欺骗进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenCart 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenCart是中国OpenCart团队的一套开源的电子商务系统。该系统提供产品评论、产品评分、产品添加等模块。 OpenCart 3.0.3.8版本存在安全漏洞,该漏洞源于会话固定漏洞,允许攻击者通过向OCSESSID cookie注入任意值劫持用户会话,攻击者可以设置服务器接受并维护的恶意OCSESSID cookie值,导致会话接管和未经授权访问用户账户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-47923
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47923
请登录查看更多情报信息。
- OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie | Advisories | VulnCheckthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-47923
Same Patch Batch · Opencart · 2026-05-10 · 3 CVEs total
| CVE-2021-47946 | 5.3 MEDIUM | OpenCart 3.0.3.6 Account Takeover via Cross Site Request Forgery |
| CVE-2021-47953 | 4.3 MEDIUM | OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password |
IV. Related Vulnerabilities
Same product: opencart
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.3.6 Account Takeover via Cross Site Request For - CVE-2026-5331
OpenCart Extension Installer installer.php path traversal - CVE-2026-3714
OpenCart Incomplete Fix CVE-2024-36694 template.php save spe - CVE-2025-15116
OpenCart Single-Use Coupon race condition
Same vendor: Opencart
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.3.6 Account Takeover via Cross Site Request For - CVE-2024-58341
OpenCart Core 4.0.2.3 SQL Injection via search Parameter - CVE-2025-1749
HTML injection vulnerability in OpenCart - CVE-2025-1748
HTML injection vulnerability in OpenCart
Same weakness: CWE-290
- CVE-2026-46356
Fleet: IP spoofing allows bypassing API rate limiting - CVE-2026-24899
Fleet Windows MDM Azure AD JWT Authentication Bypass - CVE-2026-24000
Fleet has a rate limiting bypass via untrusted client IP hea - CVE-2026-40460
NGINX ngx_quic_module vulnerability - CVE-2026-44183
Cleanuparr: X-Forwarded-For leftmost parsing allows remote u
V. Comments for CVE-2021-47923
No comments yet