CVE-2021-47946
MEDIUM 5.3
Description
OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and account information, then use password reset functionality to gain unauthorized access to compromised accounts.
CVE details
CVSS v3.1 score: 5.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/10/2026
Last modified: 5/12/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-352
References
https://www.exploit-db.com/exploits/49407 (disclosure@vulncheck.com)
https://www.opencart.com (disclosure@vulncheck.com)
https://www.opencart.com/index.php?route=cms/download (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/opencart-account-takeover-via-cross-site-request-forgery (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.