9 matches found
CVE-2024-40633
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/{id} endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
solidus_backend cross-site request forgery vulnerability
Solidus is an open source e-commerce system. solidus_backend is the administrative interface of the Solidus e-commerce framework. solidus_backend is vulnerable to cross-site request forgery, which can be exploited by attackers to change the status of order adjustments while holding an order number,...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF), allowing attackers to change the state of an order's adjustments if they hold its number and the execution happens on a store administrator's computer. Remediation: Upgrade solidus_backend to version...
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Impact: CSRF vulnerability allowing attackers to change the state of an order's adjustments if they hold its number and the execution happens on a store administrator's computer. Reproduction steps:
- Take an order's number.
- Log in as an administrator.
- Visit that order's adjustments section...
GHSA-8639-QX56-R428 CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Impact: CSRF vulnerability allowing attackers to change the state of an order's adjustments if they hold its number and the execution happens on a store administrator's computer. Reproduction steps:
- Take an order's number.
- Log in as an administrator.
- Visit that order's adjustments section...
CVE-2022-31000 CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the...
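The attack the advisories above describe depends on one thing: the admin action trusts any request that arrives with the administrator's session cookie, and the only parameter an attacker needs to know is the order number. The following is an added example, not solidus_backend code and not the project's actual fix; the class and method names (Session, Order, AdjustmentsController, csrf_demo) and the order number are illustrative. It contrasts a state-changing action that checks only the session with one that also requires a per-session anti-CSRF token, which a page on another origin cannot read and therefore cannot forge (in Rails this is what `protect_from_forgery` enforces for non-GET requests).

```ruby
require 'securerandom'

# Added example (not Solidus code): a minimal stand-in for an admin
# "finalize adjustments" action, first without and then with a CSRF token
# check. Session, Order, AdjustmentsController and csrf_demo are illustrative
# names, not solidus_backend's own classes or routes.

class Session
  attr_reader :csrf_token

  def initialize(admin:)
    @admin = admin
    # Per-session secret. A cross-origin page cannot read it, so it cannot
    # place it in a forged request; the browser only attaches the cookie.
    @csrf_token = SecureRandom.hex(32)
  end

  def admin?
    @admin
  end
end

Order = Struct.new(:number, :adjustments_finalized)

class AdjustmentsController
  def initialize(orders)
    @orders = orders
  end

  # A pattern that produces the behaviour the advisory describes: the action
  # verifies that the session belongs to an administrator and then trusts any
  # request carrying a valid order number. A request triggered by an
  # attacker's page inside the admin's browser arrives with the admin's
  # session cookie, so it passes this check.
  def finalize_unprotected(session, params)
    return :forbidden unless session.admin?

    order = @orders[params[:order_number]]
    return :not_found unless order

    order.adjustments_finalized = true
    :ok
  end

  # Hardened variant: additionally require a token bound to the session,
  # which only a form rendered by the application itself can contain.
  def finalize_protected(session, params)
    return :forbidden unless session.admin?
    return :invalid_authenticity_token unless valid_token?(session, params[:authenticity_token])

    order = @orders[params[:order_number]]
    return :not_found unless order

    order.adjustments_finalized = true
    :ok
  end

  private

  def valid_token?(session, supplied)
    supplied.is_a?(String) && secure_compare(session.csrf_token, supplied)
  end

  # Constant-time comparison so the token cannot be recovered byte by byte
  # through timing differences.
  def secure_compare(expected, supplied)
    return false unless expected.bytesize == supplied.bytesize

    diff = 0
    expected.bytes.zip(supplied.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Runs the scenario from the advisory: the attacker knows only the order
# number, the admin is logged in, and the forged request rides on the admin's
# session. Returns the outcome of each request.
def csrf_demo
  orders = { 'R123456789' => Order.new('R123456789', false) } # constructed sample order
  controller = AdjustmentsController.new(orders)
  admin = Session.new(admin: true)
  visitor = Session.new(admin: false)

  forged  = { order_number: 'R123456789' }                        # all an attacker page can send
  guessed = forged.merge(authenticity_token: SecureRandom.hex(32)) # attacker guessing a token
  legit   = forged.merge(authenticity_token: admin.csrf_token)     # form rendered by the app

  {
    forged_unprotected: controller.finalize_unprotected(admin, forged),
    forged_protected:   controller.finalize_protected(admin, forged),
    guessed_protected:  controller.finalize_protected(admin, guessed),
    legit_protected:    controller.finalize_protected(admin, legit),
    visitor_protected:  controller.finalize_protected(visitor, legit)
  }
end

if __FILE__ == $PROGRAM_NAME
  csrf_demo.each { |request, outcome| puts "#{request}: #{outcome}" }
end
```

The forged request succeeds against the unprotected action and is rejected by the protected one even when the attacker guesses a token; the admin's own form, which carries the session's token, still works. Routing the action through a non-GET verb matters too: a bare link or image tag can only issue GET, so a state change reachable by GET is forgeable regardless of any token the POST path checks.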
Solidus cross-site request forgery vulnerability
Solidus is an open source e-commerce system. solidus_backend is the administrative interface of the Solidus e-commerce framework. solidus_backend is vulnerable to cross-site request forgery, which can be exploited by attackers to change the status of order adjustments while holding an order number,...