PT-2026-40901 · Unknown · Ecommerce-Website

·

CVE-2026-2347

·

Published

2026-05-14

·

Updated

2026-05-16

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions E-Commerce Website versions prior to 4.5.001
Description An authorization bypass exists due to a user-controlled key, which allows for session hijacking. This is an Insecure Direct Object Reference (IDOR), a condition where an application provides direct access to objects based on user-supplied input.
Recommendations Update to version 4.5.001 or later.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-2347

Affected Products

Ecommerce-Website