CVE-2025-29788 | Sylius PayPalPlugin up to 1.6.0/1.7.0/2.0.0 Shopping Cart external control of assumed-immutable web parameter
A vulnerability was found in Sylius PayPalPlugin up to 1.6.0/1.7.0/2.0.0. It has been declared as problematic. This vulnerability affects unknown code of the component Shopping Cart Handler. The manipulation leads to external control of assumed-immutable web parameter.
This vulnerability was named CVE-2025-29788. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.