Vendor

Opencart

2 briefs RSS

Opencart TMD Vendor System Blind SQL Injection Vulnerability (CVE-2021-47928)

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability (CVE-2021-47928) that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter, potentially leading to account takeover and data exfiltration.

TMD Vendor System 3.x sql-injection cve-2021-47928 opencart web-application

2r 2t 1c 5m ago

high advisory

OpenCart Session Fixation Vulnerability (CVE-2021-47923)

2 rules 1 TTP 1 CVE

OpenCart 3.0.3.8 is vulnerable to session fixation (CVE-2021-47923), allowing attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie, leading to unauthorized access.

OpenCart 3.0.3.8 opencart session-fixation CVE-2021-47923 webserver

2r 1t 1c 6m ago