9 matches found
Bagisto has IDOR in Customer Order Reorder Functionality
Summary An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...
GHSA-X5RW-QVVP-5CGM Bagisto has IDOR in Customer Order Reorder Functionality
Summary An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...
CVE-2026-21447
Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...
CVE-2026-21447
Bagisto (Laravel eCommerce) prior to version 2.3.10 is affected by an Insecure Direct Object Reference (IDOR) in the customer order reorder function. The root cause is that OrderController::reorder retrieves orders by ID without verifying ownership, allowing any authenticated customer to add item...
EUVD-2026-0748
Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...
CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality
Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...
CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality
Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...
Webkul Software Bagisto 安全漏洞
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto versions prior to 2.3.10, which stems from an insecure direct object reference in the Customer Order Reorder feature, which could cause an...
PT-2026-1127
Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description An Insecure Direct Object Reference issue exists in the customer order reorder function. This allows authenticated customers to add items from another customer's order to their own shopping cart by...