Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
Vulnerability Description
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still manipulate the cart contents before finalizing the order. As a result, the order amount in Sylius may be higher than the amount actually captured by PayPal, leading to a scenario where merchants deliver products or services without full payment. The issue is fixed in versions: 1.6.2, 1.7.2, 2.0.2 and above.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
对假设不可变Web参数的外部可控制
Vulnerability Title
PayPal Plugin 安全漏洞
Vulnerability Description
PayPal Plugin是Sylius eCommerce开源的一个 PayPal 商务平台插件。 PayPal Plugin 1.6.2之前版本、1.7.2之前版本和2.0.2之前版本存在安全漏洞,该漏洞源于用户可以在完成PayPal结账后修改购物车。
CVSS Information
N/A
Vulnerability Type
N/A