GHSA-g8pg-33v4-9r96: 
PHP vulnerability analysis and mitigation

An authentication bypass vulnerability was identified in thelia/thelia project affecting both customer and admin authentication. The vulnerability was present from version 2.1.0-beta1 until version 2.1.3, which contained the fix. The issue was disclosed on April 13, 2015, and received a high severity rating with a CVSS score of 7.5 (GitHub Advisory).

The vulnerability has been assigned GHSA-g8pg-33v4-9r96 and is classified as CWE-287 (Improper Authentication). The vulnerability has a CVSS v3.1 base score of 7.5 (High), with the following metrics: Attack Vector: Network, Attack Complexity: Low, Privileges Required: None, User Interaction: None, Scope: Unchanged, Confidentiality: None, Integrity: High, Availability: None (GitHub Advisory).

The vulnerability allowed unauthorized access to both customer and administrative accounts, potentially compromising the integrity of the system. With a high severity CVSS score of 7.5, the vulnerability posed significant risks to system security, particularly affecting data integrity while not impacting confidentiality or availability (GitHub Advisory).

The vulnerability was fixed in version 2.1.3 and 2.1.3 and 2.2.0-alpha1. Users should upgrade to version 2.1.3 or later to address this security issue (Thelia Blog).