CVE-2021-47928
Published: 10 May 2026
Summary
CVE-2021-47928 is a high-severity SQL Injection (CWE-89) vulnerability in Opencartextensions (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, ranked at the 19.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-34790
Vulnerability details
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection techniques…
more
to enumerate usernames, emails, and password reset codes from the oc_user table.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.