PT-2026-39520 · Opencart · Opencart

Published 2026-05-10 · Updated 2026-05-10 · CVE-2021-47946

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

OpenCart version 3.0.36

Description

A cross-site request forgery (CSRF) issue exists in the "/account/edit" endpoint. This allows unauthenticated attackers to modify account details of victims by tricking them into visiting malicious pages. By crafting CSRF payloads, attackers can change victim email addresses and account information, subsequently using the password reset functionality to gain unauthorized access to the compromised accounts.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
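With no fixed version listed, one compensating check is to review web-server access logs for POST requests to the account-edit endpoint whose Referer is missing or names another host. The following is an added example, not part of this advisory or of OpenCart's code; the hostname `shop.example`, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SHOP_HOST = "shop.example"   # assumption: the store's own hostname
ENDPOINT = "account/edit"    # endpoint named in the advisory

# Combined log format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (documentation IP ranges and reserved .test / .example names)
SAMPLE_LOG = """\
198.51.100.10 - - [10/May/2026:10:00:01 +0000] "POST /index.php?route=account/edit HTTP/1.1" 302 0 "https://shop.example/index.php?route=account/edit" "Mozilla/5.0"
198.51.100.22 - - [10/May/2026:10:02:13 +0000] "POST /index.php?route=account/edit HTTP/1.1" 302 0 "https://other-site.test/promo.html" "Mozilla/5.0"
198.51.100.23 - - [10/May/2026:10:03:40 +0000] "POST /index.php?route=account/edit HTTP/1.1" 302 0 "https://shop.example.other-site.test/x" "Mozilla/5.0"
198.51.100.24 - - [10/May/2026:10:05:02 +0000] "POST /index.php?route=account/edit HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.10 - - [10/May/2026:10:06:00 +0000] "GET /index.php?route=account/edit HTTP/1.1" 200 5120 "https://other-site.test/" "Mozilla/5.0"
198.51.100.30 - - [10/May/2026:10:07:00 +0000] "POST /index.php?route=account/login HTTP/1.1" 302 0 "https://other-site.test/" "Mozilla/5.0"
"""

def classify(line):
    """Return a verdict for POSTs to the account-edit endpoint, None for other lines."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or ENDPOINT not in m["target"]:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "missing-referer"
    # Compare the parsed hostname exactly; a prefix or substring match would accept look-alike hosts
    host = urlsplit(referer).hostname
    return "same-site" if host == SHOP_HOST else "cross-site"

def suspicious_edits(log_text):
    """Collect (ip, timestamp, verdict, referer) for account-edit POSTs worth reviewing."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict in ("cross-site", "missing-referer"):
            m = LINE_RE.match(line)
            hits.append((m["ip"], m["ts"], verdict, m["referer"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_edits(SAMPLE_LOG):
        print(hit)
```

A missing Referer is not proof of forgery, since privacy settings can strip the header, so those hits are leads to correlate with a later email change and password reset on the same account.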

Exploit

CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-47946

Affected Products: Opencart