Vulnerabilities

CVE-2026-21447 - Bagisto has IDOR in Customer Order Reorder Functionality

2026-01-02 0 views admin

CVE ID : CVE-2026-21447 Published : Jan. 2, 2026, 9:15 p.m. | 52 minutes ago Description : Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables potential fraud. Version 2.3.10 patches the issue. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-21447

Severity

HIGH

Published

Jan. 2, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-21447high

CVE-2026-21447 - Bagisto has IDOR in Customer Order Reorder Functionality

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-0571 - yeqifu warehouse AppFileUtils.java createResponseEntity path traversal

CVE-2026-21448 - Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

CVE-2026-21451 - Bagisto has HTML Filter Bypass that Enables Stored XSS

CVE-2026-21450 - Bagisto has SSTI in parameter that can lead to RCE

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting