CVE-2020-15245
- EPSS 0.17%
- Published 19.10.2020 21:15:12
- Last modified 21.11.2024 05:05:10
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally diff...
CVE-2020-5218
- EPSS 0.31%
- Published 27.01.2020 21:15:11
- Last modified 21.11.2024 05:33:42
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set e...
CVE-2019-12186
- EPSS 0.35%
- Published 31.12.2019 15:15:10
- Last modified 21.11.2024 04:22:23
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x throug...
CVE-2019-16768
- EPSS 0.35%
- Published 05.12.2019 20:15:09
- Last modified 21.11.2024 04:31:09
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some in...