CVE-2021-47953
Cross-Site Request Forgery in OpenCart Password Change
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opencart | opencart | 3.0.3.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47953 is a Cross-Site Request Forgery (CSRF) vulnerability in OpenCart 3.0.3.7 that allows attackers to change user passwords by sending crafted requests to the account/password endpoint.
Attackers exploit this flaw by tricking authenticated users into submitting hidden forms containing new password values in the 'password' and 'confirm' parameters, effectively hijacking user accounts without their consent.
This vulnerability exists because OpenCart does not implement security tokens to prevent CSRF attacks, allowing unauthorized actions to be performed within an active user session.
How can this vulnerability impact me?
This vulnerability can lead to account hijacking by allowing attackers to change user passwords without authorization.
If exploited, attackers can gain control over user accounts, potentially leading to unauthorized access to personal information, disruption of user activities, and loss of trust in the affected platform.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the account/password endpoint that include the 'password' and 'confirm' parameters. Since the exploit involves Cross-Site Request Forgery (CSRF), look for unexpected or unauthorized password change requests originating from authenticated user sessions.
You can use network monitoring tools or web server logs to identify such requests. For example, tcpdump can capture HTTP POST requests to the vulnerable endpoint for analysis, and curl can reproduce the request shape so you know what an exploitation attempt looks like in your logs.
- Use curl against a test instance to generate the request the exploit sends, so you can recognise it in your logs: `curl -X POST -d "password=newpass&confirm=newpass" https://your-opencart-site/account/password`
- Use tcpdump or Wireshark to capture HTTP traffic and filter for POST requests to /account/password.
- Check web server access logs for POST requests to /account/password with parameters 'password' and 'confirm'.
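An added example, not part of this page or of OpenCart, that applies the access-log check above to constructed combined-format log lines: a POST to the password route whose Referer is missing or comes from a host other than the shop is flagged as a possible cross-site submission. It assumes the shop's hostname is `shop.example` and that OpenCart 3's default route URL `index.php?route=account/password` is in use (SEO URLs would change the path).

```python
import re
from urllib.parse import urlparse

# Apache/nginx "combined" log format:
# host ident user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_suspicious_password_change(line, site_host):
    """True when the line is a POST to the OpenCart password route whose
    Referer is absent or names a host other than our own shop.
    A CSRF submission from an attacker page carries either no Referer or a
    foreign one; a legitimate change is posted from the shop's own form.
    Caveat: a strict Referrer-Policy can also strip the Referer, so treat a
    missing value as a lead to investigate, not as proof of an attack."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return False
    path, _, query = m["path"].partition("?")
    # Default OpenCart 3 URL (assumption) or an SEO-style path ending in the route.
    if "route=account/password" not in query and not path.endswith("/account/password"):
        return False
    referer = m["referer"]
    if referer in ("", "-"):
        return True
    return urlparse(referer).hostname != site_host


def find_suspicious(lines, site_host):
    """Return the log lines that look like cross-site password changes."""
    return [line for line in lines if is_suspicious_password_change(line, site_host)]


# Constructed sample lines: one same-site change, two cross-site ones, one GET.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2026:12:00:01 +0000] "POST /index.php?route=account/password HTTP/1.1" 302 0 "https://shop.example/index.php?route=account/password" "Mozilla/5.0"',
    '203.0.113.9 - - [10/May/2026:12:05:44 +0000] "POST /index.php?route=account/password HTTP/1.1" 302 0 "https://evil.example/prize.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/May/2026:12:06:02 +0000] "POST /index.php?route=account/password HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2026:12:07:00 +0000] "GET /index.php?route=account/password HTTP/1.1" 200 5120 "https://shop.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "shop.example"):
        print("suspicious:", hit)
```

Access logs record no request body, so the 'password' and 'confirm' parameters are not visible there; the Referer host is the signal this check relies on, and a proxy or WAF that logs bodies would be needed to see the parameters themselves.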
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing CSRF protection mechanisms such as security tokens (CSRF tokens) in forms that handle sensitive actions like password changes.
Additionally, restrict or validate requests to the account/password endpoint to ensure they originate from legitimate sources and authenticated users.
If possible, update OpenCart to a version that patches this vulnerability or apply available security patches.
Educate users to avoid clicking on suspicious links and consider monitoring for unusual password change activities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to hijack user accounts by changing passwords without user consent through a Cross-Site Request Forgery (CSRF) attack.
Such unauthorized account access can lead to unauthorized data access or manipulation, which may result in violations of data protection regulations like GDPR or HIPAA that require safeguarding user data and ensuring user consent for changes.
Therefore, this vulnerability could negatively impact compliance with these standards by exposing user accounts to hijacking and potential data breaches.