{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31825", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-09T17:41:56.077Z", "datePublished": "2026-03-10T21:33:26.471Z", "dateUpdated": "2026-03-11T15:19:28.740Z"}, "containers": {"cna": {"title": "Sylius has a DQL Injection via API Order Filters", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-943", "lang": "en", "description": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-xcwx-r2gw-w93m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-xcwx-r2gw-w93m"}], "affected": [{"vendor": "Sylius", "product": "Sylius", "versions": [{"version": ">= 2.2.0, < 2.2.3", "status": "affected"}, {"version": ">= 2.1.0, < 2.1.12", "status": "affected"}, {"version": ">= 2.0.0, < 2.0.16", "status": "affected"}, {"version": ">= 1.14.0, < 1.14.18", "status": "affected"}, {"version": ">= 1.13.0, < 1.13.15", "status": "affected"}, {"version": ">= 1.12.0, < 1.12.23", "status": "affected"}, {"version": ">= 1.11.0, < 1.11.17", "status": "affected"}, {"version": ">= 1.10.0, < 1.10.16", "status": "affected"}, {"version": "< 1.9.12", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T21:33:26.471Z"}, "descriptions": [{"lang": "en", "value": "Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy() without validation. An attacker can inject arbitrary DQL. The issue is fixed in versions: 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, 2.2.3 and above."}], "source": {"advisory": "GHSA-xcwx-r2gw-w93m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31825", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T14:29:15.310043Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:19:28.740Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31825", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T14:29:15.310043Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:29:20.870Z"}}], "cna": {"title": "Sylius has a DQL Injection via API Order Filters", "source": {"advisory": "GHSA-xcwx-r2gw-w93m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Sylius", "product": "Sylius", "versions": [{"status": "affected", "version": ">= 2.2.0, < 2.2.3"}, {"status": "affected", "version": ">= 2.1.0, < 2.1.12"}, {"status": "affected", "version": ">= 2.0.0, < 2.0.16"}, {"status": "affected", "version": ">= 1.14.0, < 1.14.18"}, {"status": "affected", "version": ">= 1.13.0, < 1.13.15"}, {"status": "affected", "version": ">= 1.12.0, < 1.12.23"}, {"status": "affected", "version": ">= 1.11.0, < 1.11.17"}, {"status": "affected", "version": ">= 1.10.0, < 1.10.16"}, {"status": "affected", "version": "< 1.9.12"}]}], "references": [{"url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-xcwx-r2gw-w93m", "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-xcwx-r2gw-w93m", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy() without validation. An attacker can inject arbitrary DQL. The issue is fixed in versions: 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, 2.2.3 and above."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-943", "description": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T21:33:26.471Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31825", "state": "PUBLISHED", "dateUpdated": "2026-03-11T15:19:28.740Z", "dateReserved": "2026-03-09T17:41:56.077Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-10T21:33:26.471Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "51770D35-6AE8-496E-96BC-66EB6BCE7B40", "versionEndExcluding": "1.9.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A470C5F-0EA5-44E7-8972-DBD12E239521", "versionEndExcluding": "1.10.16", "versionStartIncluding": "1.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BA83BA2-99AF-472A-A1A0-C3E816124261", "versionEndExcluding": "1.11.17", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "429D1774-7663-41CF-97B5-864341D416B6", "versionEndExcluding": "1.12.23", "versionStartIncluding": "1.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "90B50358-6686-4FCC-AFC3-581927B851A3", "versionEndExcluding": "1.13.15", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC1AC20-9138-4CF3-81F5-A0CA777A693E", "versionEndExcluding": "1.14.18", "versionStartIncluding": "1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA9449ED-A73A-4D16-A464-DBCBE24CA6A6", "versionEndExcluding": "2.0.16", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "F45888BF-720D-4B78-BA7D-ED7E5E091A8C", "versionEndExcluding": "2.1.12", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A2540B0-56B9-4B15-9876-BE908A80BB0A", "versionEndExcluding": "2.2.3", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy() without validation. An attacker can inject arbitrary DQL. The issue is fixed in versions: 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, 2.2.3 and above."}, {"lang": "es", "value": "Sylius es un framework de eCommerce de c\u00f3digo abierto en Symfony. Los filtros de la API de Sylius ProductPriceOrderFilter y TranslationOrderNameAndLocaleFilter pasan valores de direcci\u00f3n de orden suministrados por el usuario directamente a orderBy() de Doctrine sin validaci\u00f3n. Un atacante puede inyectar DQL arbitrario. El problema est\u00e1 solucionado en las versiones: 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, 2.2.3 y superiores."}], "id": "CVE-2026-31825", "lastModified": "2026-03-18T19:48:52.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-10T22:16:20.320", "references": [{"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-xcwx-r2gw-w93m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-943"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.2.0,2.2.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.1.0,2.1.12)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0,2.0.16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.14.0,1.14.18)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.13.0,1.13.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.12.0,1.12.23)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.11.0,1.11.17)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.10.0,1.10.16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.9.12)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Sylius", "source": "cna", "vendor": "Sylius"}, "product": "sylius", "vendor": "sylius"}], "analysis": {"en": {"generated_at": "2026-04-16T09:23:31.727974+00:00", "value": {"mitigation_remediation": ["Upgrade Sylius to at least version 2.2.3 or apply the patch updates corresponding to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, or 2.2.3.", "If an upgrade is not immediately possible, restrict access to the API endpoints that use ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter to trusted clients or authenticated users only.", "Implement input validation that sanitizes or whitelists acceptable order direction values before passing them to Doctrine\u2019s orderBy()."], "summary": {"action": "Patch", "impact": "Database Query Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Sylius eCommerce framework. Versions prior to the following fixes are vulnerable: 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, 2.2.3 and earlier. All later releases carry the patch.", "description_and_impact": "Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter report user\u2011supplied order direction values directly to Doctrine\u2019s orderBy() without any validation. This allows an attacker to inject arbitrary DQL which can be executed against the database. The consequence is that non\u2011privileged input can compel the application to run unintended database statements, potentially exposing private data, tampering with data, or disrupting service. The flaw is classified as CWE\u201189 and CWE\u2011943. Based on the description, the attack vector is inferred to be through external API calls, and the impact is inferred from the ability to execute arbitrary query language statements which can compromise confidentiality, integrity, or availability.", "risk_and_exploitability": "The CVSS score is 5.3, indicating a moderate severity. EPSS is below 1%, implying a low likelihood of exploitation at this time, and the vulnerability is not included in the CISA KEV catalog. Attackers would need to craft a malicious API request to the affected order\u2011filter endpoints; no additional local privilege or exploitation of other components is required. Based on the description, the attack vector is inferred as an externally reachable API endpoint, and the potential impact is inferred from the arbitrary DQL execution, which could be leveraged to read, modify or delete data from the database, subject to the business logic and other security controls in place."}}}}, "created": "2026-03-11T11:39:18.079841+00:00", "updated": "2026-04-16T09:30:06.047698+00:00", "vendors": ["sylius", "sylius$PRODUCT$sylius"]}