3 matches found
CVE-2020-5218
Affected versions of Sylius give attackers the ability to switch channels via the channelcode GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no syliuschannel.debug is set explicitly in the configuration, the default value...
CVE-2020-5218
Summary. CVE-2020-5218 affects Sylius: in production, attackers could switch channels via the _channel_code GET parameter due to an unresolved default of kernel.debug when sylius_channel.debug is not explicitly set. This misconfiguration enables the debug feature even if the parameter is false. R...
CVE-2020-5218 Ability in Sylius to switch channels via GET parameter enabled in production environments
Affected versions of Sylius give attackers the ability to switch channels via the channelcode GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no syliuschannel.debug is set explicitly in the configuration, the default value...