What is CVE-2021-47923?

CVE-2021-47923 is a critical-severity vulnerability in Opencart, classified under Authentication Bypass by Spoofing. CVSS score: 9.8/10. Published 2026-05-10.

How severe is CVE-2021-47923?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Opencart

CVE-2021-47923

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and…

EPSS: 0.001 (21.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Opencart — versions 3.0.3.8

Weakness classification (CWE)

CWE-290 — Authentication Bypass by Spoofing

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2021-47923?: CVE-2021-47923 is a critical-severity vulnerability in Opencart, classified under Authentication Bypass by Spoofing. CVSS score: 9.8/10. Published 2026-05-10.
How severe is CVE-2021-47923?: Critical severity. CVSS v3 base score is 9.8 out of 10.