Unknown · Ecommerce-Website · CVE-2026-2347
**Name of the Vulnerable Software and Affected Versions**
E-Commerce Website versions prior to 4.5.001
**Description**
An authorization bypass exists due to a user-controlled key, which allows for session hijacking. This is an Insecure Direct Object Reference (IDOR), a condition where an application provides direct access to objects based on user-supplied input.
**Recommendations**
Update to version 4.5.001 or later.