Ghostwire

CVE-2021-47923: OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting...

MEDIUM CVSS 5.0

Published: May 10, 2026 | Last Modified: May 11, 2026

Description

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2021-47923
www.tenable.com/cve/CVE-2021-47923