sylius/paypal-plugin is vulnerable to information disclosure. An attacker is able to predict the URL of the payment done page shown after checkout, because the page is created using an auto-incremented payment ID. The prefilled credit card form shows the customer's first and last name, resulting in sensitive information disclosure.
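
The weakness described above, next to a hardened lookup, as an added example that is not code from sylius/paypal-plugin and not its actual fix. The `PaymentStore` class, its methods, the session labels and the customer names are hypothetical and constructed for illustration; the mitigation shown (a random URL token plus a session ownership check) is an assumption about one reasonable design.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for a payments table; all names are hypothetical.
final class PaymentStore
{
    /** @var array<int, array{token: string, owner: string, holder: string}> */
    private array $rows = [];

    public function create(string $ownerSession, string $holder): array
    {
        $id = count($this->rows) + 1;        // auto-increment: the next value is guessable
        $token = bin2hex(random_bytes(16));  // 128 bits from the CSPRNG: not enumerable
        $this->rows[$id] = ['token' => $token, 'owner' => $ownerSession, 'holder' => $holder];
        return ['id' => $id, 'token' => $token];
    }

    // Weak: the sequential id taken from the URL is the only thing checked.
    public function findById(int $id): ?array
    {
        return $this->rows[$id] ?? null;
    }

    // Hardened: unguessable reference AND the payment must belong to the caller's session.
    public function findForSession(string $token, string $session): ?array
    {
        foreach ($this->rows as $row) {
            if (hash_equals($row['token'], $token)) {
                return hash_equals($row['owner'], $session) ? $row : null;
            }
        }
        return null;
    }
}

$store  = new PaymentStore();
$first  = $store->create('session-A', 'Customer One');  // constructed sample data
$second = $store->create('session-B', 'Customer Two');

// Weak lookup: the id adjacent to session B's own resolves to session A's record.
var_dump($store->findById($second['id'] - 1)['holder']);
// Hardened lookup: a valid token presented by the wrong session is rejected,
// and so is a guessed token.
var_dump($store->findForSession($first['token'], 'session-B'));
var_dump($store->findForSession(str_repeat('0', 32), 'session-B'));
// The owning session still reaches its own payment.
var_dump($store->findForSession($first['token'], 'session-A')['holder']);
```

Independently of how the page is addressed, a prefilled payment form should not render the stored first and last name unless the request is tied to the customer who owns the payment.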

| CPE | Name | Operator | Version |
|---|---|---|---|
| | sylius/paypal-plugin | le | v1.2.3 |
| | sylius/paypal-plugin | le | v1.3.0 |