{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/opencart/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2021-47928"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["TMD Vendor System 3.x"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2021-47928","opencart","web-application"],"_cs_type":"threat","_cs_vendors":["Opencart"],"content_html":"\u003cp\u003eOpencart TMD Vendor System 3.x is susceptible to a blind SQL injection vulnerability (CVE-2021-47928) that enables unauthenticated attackers to extract sensitive database information. The vulnerability stems from insufficient input sanitization of the \u003ccode\u003eproduct_id\u003c/code\u003e parameter, allowing injection of malicious SQL code. By leveraging time-based or content-based blind injection techniques, attackers can enumerate usernames, emails, and password reset codes from the \u003ccode\u003eoc_user\u003c/code\u003e table. This can lead to unauthorized access to user accounts and potential data breaches. This vulnerability was reported to NVD on May 10, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies the vulnerable \u003ccode\u003eproduct_id\u003c/code\u003e parameter in the Opencart TMD Vendor System 3.x application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request with a SQL injection payload embedded within the \u003ccode\u003eproduct_id\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application processes the crafted request without proper sanitization, passing the malicious SQL code to the database server.\u003c/li\u003e\n\u003cli\u003eThe database server executes the injected SQL code, performing actions such as querying the \u003ccode\u003eoc_user\u003c/code\u003e table.\u003c/li\u003e\n\u003cli\u003eUsing blind SQL injection techniques (time-based or content-based), the attacker infers information about the database structure and contents.\u003c/li\u003e\n\u003cli\u003eThe attacker iterates through the database, extracting sensitive information such as usernames, emails, and password reset codes.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted credentials or password reset codes to gain unauthorized access to user accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker may further compromise the system, exfiltrate data, or perform other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2021-47928) can lead to complete database compromise, including exposure of user credentials, personally identifiable information (PII), and other sensitive data. Unauthenticated attackers can leverage this access to take over administrator accounts, modify website content, or gain deeper access into the target network. Given the potential for widespread exploitation, organizations using Opencart TMD Vendor System 3.x are at significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a secure version of Opencart TMD Vendor System to remediate CVE-2021-47928.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2021-47928 Exploitation — Opencart TMD Vendor System Blind SQL Injection\u0026rdquo; to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests containing SQL injection payloads targeting the \u003ccode\u003eproduct_id\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eEnforce the principle of least privilege on database accounts to limit the impact of successful SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eRegularly review and audit web application code for SQL injection vulnerabilities using static and dynamic analysis tools.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T13:19:42Z","date_published":"2026-05-10T13:19:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-opencart-sqli/","summary":"Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability (CVE-2021-47928) that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter, potentially leading to account takeover and data exfiltration.","title":"Opencart TMD Vendor System Blind SQL Injection Vulnerability (CVE-2021-47928)","url":"https://feed.craftedsignal.io/briefs/2026-05-opencart-sqli/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2021-47923"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenCart 3.0.3.8"],"_cs_severities":["high"],"_cs_tags":["opencart","session-fixation","CVE-2021-47923","webserver"],"_cs_type":"advisory","_cs_vendors":["OpenCart"],"content_html":"\u003cp\u003eOpenCart 3.0.3.8 is susceptible to a session fixation vulnerability, identified as CVE-2021-47923. This flaw allows a remote attacker to hijack legitimate user sessions by injecting arbitrary values into the \u003ccode\u003eOCSESSID\u003c/code\u003e cookie. By setting a malicious \u003ccode\u003eOCSESSID\u003c/code\u003e value, the attacker can force the server to associate the victim\u0026rsquo;s session with the attacker-controlled session ID. This vulnerability enables unauthorized access to user accounts without requiring the attacker to know the user\u0026rsquo;s credentials directly. A successful attack could lead to account takeover, data theft, and modification of user profiles.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an OpenCart 3.0.3.8 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eOCSESSID\u003c/code\u003e cookie value.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious \u003ccode\u003eOCSESSID\u003c/code\u003e cookie value into a victim\u0026rsquo;s browser session. This can be achieved through various methods, such as phishing or man-in-the-middle attacks.\u003c/li\u003e\n\u003cli\u003eThe victim visits the OpenCart site, and their browser sends the manipulated \u003ccode\u003eOCSESSID\u003c/code\u003e cookie.\u003c/li\u003e\n\u003cli\u003eThe OpenCart server accepts the attacker-controlled \u003ccode\u003eOCSESSID\u003c/code\u003e value and associates it with the victim\u0026rsquo;s session.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the same malicious \u003ccode\u003eOCSESSID\u003c/code\u003e cookie to access the OpenCart site.\u003c/li\u003e\n\u003cli\u003eThe server recognizes the attacker\u0026rsquo;s session as the victim\u0026rsquo;s, granting the attacker unauthorized access.\u003c/li\u003e\n\u003cli\u003eThe attacker can now perform actions as the victim, such as viewing personal information, modifying settings, or making purchases.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this session fixation vulnerability can result in complete account takeover. An attacker can gain unauthorized access to sensitive user data, including personal information, order history, and payment details. This can lead to financial loss for the victim, reputational damage to the OpenCart store, and potential legal liabilities. Given the high CVSS score (9.8), this vulnerability poses a significant risk to OpenCart users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of OpenCart that addresses CVE-2021-47923.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect OpenCart Session Fixation Attempt via OCSESSID Manipulation\u003c/code\u003e to monitor for suspicious OCSESSID cookie values.\u003c/li\u003e\n\u003cli\u003eImplement server-side checks to validate the legitimacy of the \u003ccode\u003eOCSESSID\u003c/code\u003e cookie.\u003c/li\u003e\n\u003cli\u003eEnforce strict cookie policies, including setting the \u003ccode\u003eHttpOnly\u003c/code\u003e and \u003ccode\u003eSecure\u003c/code\u003e flags for the \u003ccode\u003eOCSESSID\u003c/code\u003e cookie to prevent client-side script access and transmission over unencrypted connections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T13:18:34Z","date_published":"2026-05-10T13:18:34Z","id":"https://feed.craftedsignal.io/briefs/2026-05-opencart-session-fixation/","summary":"OpenCart 3.0.3.8 is vulnerable to session fixation (CVE-2021-47923), allowing attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie, leading to unauthorized access.","title":"OpenCart Session Fixation Vulnerability (CVE-2021-47923)","url":"https://feed.craftedsignal.io/briefs/2026-05-opencart-session-fixation/"}],"language":"en","title":"CraftedSignal Threat Feed — Opencart","version":"https://jsonfeed.org/version/1.1"}