Lucene search
+L

7 matches found

snyk
snyk
added 2026/03/11 12:12 a.m.4 views

Missing Authorization

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Missing Authorization via the POST /api/v2/shop/orders/tokenValue/items endpoint. An attacker can gain unauthorized access to and manipulate another user's shopping cart b...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References2
euvd
euvd
added 2026/03/11 12:12 a.m.6 views

EUVD-2026-10914

Sylius is Missing Authorization in API v2 Add Item Endpoint...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References1
euvd
euvd
added 2026/03/11 12:12 a.m.6 views

EUVD-2026-10915

Sylius is Missing Authorization in API v2 Add Item Endpoint...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References1
osv
osv
added 2026/03/11 12:12 a.m.4 views

GHSA-WJMG-4CQ5-M8HG Sylius is Missing Authorization in API v2 Add Item Endpoint

Impact The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. POST /api/v2/shop/orders/tokenValue/items Other mutation endpoints PUT, PATCH, DELETE are no...

6.9CVSS6AI score0.00182EPSS
Exploits0References3
nvd
nvd
added 2026/03/10 10:16 p.m.26 views

CVE-2026-31821

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

6.9CVSS0.00182EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/10 9:25 p.m.47 views

CVE-2026-31821 Sylius is Missing Authorization in API v2 Add Item Endpoint

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

6.9CVSS0.00182EPSS
Exploits0References1
osv
osv
added 2026/03/10 9:25 p.m.11 views

CVE-2026-31821 Sylius is Missing Authorization in API v2 Add Item Endpoint

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

6.9CVSS6AI score0.00182EPSS
Exploits0References3
Rows per page
Query Builder