OpenCart 3.0.3.8 Session Fixation Vulnerability (CVE-2021-47923) Rated Critical

The National Vulnerability Database has published details of CVE-2021-47923, a critical session fixation vulnerability in OpenCart version 3.0.3.8. The flaw lets an attacker hijack a legitimate user's session by manipulating the OCSESSID cookie: because an injected, attacker-chosen value is accepted as the session identifier, the attacker can establish and keep control of the victim's session, gaining unauthorized access to the account and potentially to sensitive data.

This vulnerability carries a CVSS v3.1 score of 9.8, categorizing it as CRITICAL. The attack vector is network-based with low attack complexity, requiring no privileges or user interaction, making exploitation straightforward for adversaries. The impact on confidentiality, integrity, and availability is high, indicating that successful exploitation can lead to full compromise of affected user sessions.

For defenders, the implication is clear: unpatched OpenCart installations running version 3.0.3.8 are exposed. Attackers can exploit this to bypass authentication, take over administrative or user accounts, and pilfer data or deface stores. Prioritizing patching or implementing workarounds, if available, is non-negotiable for anyone running this specific version.
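A minimal illustration of the failure mode described above, added here as an example (it is not OpenCart's code and is not taken from the advisory): a login routine that adopts whatever session id the client presents, beside one that only honours server-issued ids and rotates the id at login. SessionStore, vulnerable_login, hardened_login and run_scenario are hypothetical names, and the planted id is a constructed value standing in for a cookie value such as OCSESSID.

```python
import secrets


class SessionStore:
    """Minimal in-memory session table: session id -> session data (hypothetical helper)."""

    def __init__(self):
        self.sessions = {}

    def issue(self):
        # Server-generated, unguessable id; the only legitimate source of valid ids.
        sid = secrets.token_hex(16)
        self.sessions[sid] = {}
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def vulnerable_login(store, presented_sid, username, credentials_ok):
    """Fixation-prone pattern: the id the client presents (standing in for a
    cookie value) is adopted as-is and the authenticated identity is bound to
    it. Whoever chose that id beforehand can present it afterwards as well."""
    session = store.sessions.setdefault(presented_sid, {})
    if credentials_ok:
        session["user"] = username
    return presented_sid


def hardened_login(store, presented_sid, username, credentials_ok):
    """Two defences: never adopt an id the server did not issue, and rotate the
    id at the privilege change so an id known before login carries no login."""
    if presented_sid not in store.sessions:
        presented_sid = store.issue()  # unknown id: discard it, start a fresh session
    if not credentials_ok:
        return presented_sid
    pre_login = store.sessions.pop(presented_sid)  # the old id stops being valid
    new_sid = store.issue()
    store.sessions[new_sid] = {**pre_login, "user": username}
    return new_sid


def run_scenario(login):
    """Constructed scenario: an id known to a third party is planted, the victim
    logs in with it, and we check whether that planted id now carries the login."""
    store = SessionStore()
    planted = "id-chosen-before-login"  # constructed value, not a real session id
    victim_sid = login(store, planted, "alice", True)
    return {
        "victim_sid_equals_planted": victim_sid == planted,
        "planted_id_is_authenticated": store.user_for(planted) == "alice",
        "victim_sid_is_authenticated": store.user_for(victim_sid) == "alice",
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(vulnerable_login))
    print("hardened:  ", run_scenario(hardened_login))
```

With the vulnerable handler the planted id ends up authenticated as alice; with the hardened one the planted id is never stored and the victim leaves login holding a fresh, server-issued id. The second property (rotation at login) matters even when ids are server-issued, because a pre-login id can have leaked in ways the server cannot see.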

What This Means For You

  • If your organization uses OpenCart 3.0.3.8, you are directly exposed to session hijacking via CVE-2021-47923. Immediately verify your OpenCart version and apply any available patches or vendor-recommended mitigations to prevent unauthorized account access.

Detection Rules

2 detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; the one shown below is in Sigma YAML.

Severity: critical · ATT&CK: T1190 (Initial Access)

CVE-2021-47923 - OpenCart Session Fixation Attempt (Sigma YAML)
title: CVE-2021-47923 - OpenCart Session Fixation Attempt
id: scw-2026-05-10-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit the OpenCart 3.0.3.8 session fixation vulnerability (CVE-2021-47923). This rule looks for specific URI patterns often associated with the exploit and the presence of 'OCSESSID' in the URI, indicating potential session cookie manipulation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-10
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2021-47923/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/catalog/view/javascript/common.js'
    cs-method:
      - 'GET'
    sc-status:
      - '200'
  selection_cookie_manipulation:
    # same request-URI field as above; a second, differently named field would never be populated
    cs-uri|contains:
      - 'OCSESSID'
  # condition belongs directly under detection, not nested inside a selection
  condition: selection and selection_cookie_manipulation
falsepositives:
  - Legitimate administrative activity
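To show what the rule above actually fires on, here is an added example (not the site's code and not part of the Sigma rule): a small evaluator for the Sigma field semantics the rule relies on (values within a field are OR'd, fields within a selection are AND'd, matching is case-insensitive, and the `contains` modifier is supported), run over four constructed access-log lines. It goes a little beyond the page in that it evaluates any `and`-joined set of selections, not only this rule. The `uri` field of the rule's second selection is read as the same `cs-uri` field as the first; LOG_RE, parse_line, evaluate, scan, the IP addresses and the OCSESSID placeholder values are all constructed for this example.

```python
import re

# Constructed Combined Log Format lines (not real traffic); OCSESSID values are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2026:16:20:01 +0000] "GET /catalog/view/javascript/common.js?OCSESSID=PLACEHOLDER1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.6 - - [10/May/2026:16:20:02 +0000] "GET /catalog/view/javascript/common.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2026:16:20:03 +0000] "GET /index.php?route=common/home&OCSESSID=PLACEHOLDER2 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.8 - - [10/May/2026:16:20:04 +0000] "POST /catalog/view/javascript/common.js?ocsessid=PLACEHOLDER3 HTTP/1.1" 403 512 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<c_ip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<cs_method>[A-Z]+) (?P<cs_uri>\S+) [^"]*" '
    r'(?P<sc_status>\d{3}) \S+'
)

# The rule's detection section transcribed into Python; the second selection's
# `uri` field is treated as the same `cs-uri` field the first selection uses.
DETECTION = {
    "selection": {
        "cs-uri|contains": ["/catalog/view/javascript/common.js"],
        "cs-method": ["GET"],
        "sc-status": ["200"],
    },
    "selection_cookie_manipulation": {
        "cs-uri|contains": ["OCSESSID"],
    },
    "condition": "selection and selection_cookie_manipulation",
}


def parse_line(line):
    """Map one access-log line onto Sigma webserver field names; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "c-ip": m.group("c_ip"),
        "cs-method": m.group("cs_method"),
        "cs-uri": m.group("cs_uri"),
        "sc-status": m.group("sc_status"),
    }


def field_matches(record, key, values):
    """One field entry: listed values are OR'd and compared case-insensitively.
    Supports the bare (equals) form and the `contains` modifier only."""
    field, _, modifier = key.partition("|")
    actual = str(record.get(field, "")).lower()
    for value in values:
        needle = str(value).lower()
        if modifier == "contains":
            if needle in actual:
                return True
        elif modifier == "":
            if needle == actual:
                return True
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
    return False


def selection_matches(record, selection):
    """Every field inside one selection must match (they are AND'd)."""
    return all(field_matches(record, k, v) for k, v in selection.items())


def evaluate(record, detection=DETECTION):
    """Evaluate a condition made of selection names joined by `and`;
    returns the overall verdict and which selections matched individually."""
    names = re.split(r"\s+and\s+", detection["condition"].strip(), flags=re.IGNORECASE)
    matched = [n for n in names if selection_matches(record, detection[n])]
    return {"alert": len(matched) == len(names), "matched": matched}


def scan(log_text, detection=DETECTION):
    """Run the rule over every parsable line; one result dict per line."""
    results = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        verdict = evaluate(record, detection)
        results.append({"c-ip": record["c-ip"], "cs-uri": record["cs-uri"], **verdict})
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print("ALERT" if r["alert"] else "     ", r["c-ip"], r["cs-uri"], r["matched"])
```

Only the first line alerts. Lines 3 and 4 carry OCSESSID in the URI but miss the common.js/GET/200 selection, so under the rule's `and` condition they stay silent; the `matched` list shows which half fired, which is the first thing to look at when tuning this rule against your own logs.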

Indicators of Compromise

ID              Type              Indicator
CVE-2021-47923  Session Fixation  OpenCart 3.0.3.8
CVE-2021-47923  Session Fixation  Injection of arbitrary values into OCSESSID cookie

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 10, 2026 at 16:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
