CNNVD-202601-076 Information
CNNVD ID
CNNVD-202601-076
Related CVE
- CNNVD Published: 2026-01-02
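Description (translated from Chinese)
Webkul Software Bagisto is an open-source e-commerce framework developed by Webkul Software, a company based in India. Webkul Software Bagisto versions prior to 2.3.10 contain a security vulnerability. The vulnerability stems from an insecure direct object reference in the customer order reorder function, which may allow an authenticated customer to add items from other customers' orders to their own shopping cart.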
Description (English)
Webkul Software Bagisto is an open-source e-commerce framework from Webkul Software of India. Versions of Webkul Software Bagisto before 2.3.10 have a security vulnerability caused by an insecure direct object reference (IDOR) in the customer order reorder function, which could let an authenticated customer add items from other customers' orders to their own shopping cart.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Webkul Software
Published
2026-01-02
Last Modified
2026-02-24
References
https://github.com/bagisto/bagisto/commit/b2b1cf62577245d03a68532478cffbe321df74d3
https://github.com/bagisto/bagisto/security/advisories/GHSA-x5rw-qvvp-5cgm
https://access.redhat.com/security/cve/cve-2026-21447
Patch
https://github.com/bagisto/bagisto/releases