6 matches found
CVE-2026-31820
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...
GHSA-2XC6-348P-C2X6 Sylius affected by IDOR in Cart and Checkout LiveComponents
Impact An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that...
EUVD-2026-10912
Sylius affected by IDOR in Cart and Checkout LiveComponents...
CVE-2026-31820 Sylius affected by IDOR in Cart and Checkout LiveComponents
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...
CVE-2026-31820
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...
Sylius 安全漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...