2 matches found
Authorization Bypass Through User-Controlled Key
Overview: craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the number parameter in the cart loading process. An attacker can gain unauthorized access to and modify another user's shopping cart by...
PT-2026-24637
An Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. This vulnerability enables the takeover of shopping sessions and potential exposure of PII...