Sansec adds support for Sylius 1 & 2
by Sansec Forensics Team
Published in Threat Research − June 01, 2026
eComscan now detects malware, backdoors and vulnerable code on Sylius stores. Here is why Sylius shops need server-side scanning and what we look for.

Sansec is proud to add Sylius to our list of supported platforms. Sansec eComscan now integrates with Sylius 1 and Sylius 2 and will run deep searches to hunt for malware & vulnerabilities.
While Sansec eComscan works on all self-hosted eCommerce platforms, its integration with specific platforms will enable detections where generic security software will never look.
Sansec has investigated eCommerce breaches since 2015. We run the largest forensic practice in the industry and analyze dozens of hacked stores every week. That work feeds our threat intelligence, and that intelligence is what eComscan checks your files against. Sylius now gets the same coverage.
Why Sylius stores need scanning
Sylius is built on Symfony, so it ships with firewalls, role-based access control and CSRF protection. That foundation is already solid, but it does not make a store immune.
Most breaches we investigate do not break the framework core. They start with stolen credentials, outdated dependencies, or third-party code that no free scanner ever reads.
Sylius itself has patched a steady stream of cross-site scripting (XSS) flaws. Attackers use XSS to plant payment skimmers and hijack admin sessions:
- CVE-2026-31822: XSS in the checkout login form, reachable by ordinary customers. Fixed in Sylius 2.0.16, 2.1.12 and 2.2.3.
- CVE-2024-34349: stored XSS in the admin panel through the Name field of Taxons, Products, Product Options and Variants. Fixed in 1.12.16 and 1.13.1.
- CVE-2024-29376: XSS through the Province field in the address book.
- Releases before 1.9.10, 1.10.11 and 1.11.2 allowed stored XSS through SVG uploads in the admin panel.
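The advisories above each name the release that carries the fix, so the first defensive check is a plain version comparison against composer.lock. The script below is an added example, not Sansec's or the Sylius project's code; the composer.lock excerpt is constructed, the fixed versions are copied from the list above, and the handling of release branches the advisories do not name (treat anything newer than every listed fix as carrying it, anything older as unpatched) is an assumption, not something the advisories state. CVE-2024-29376 is left out because no fixed version is given for it here.

```python
import json
import re

# Constructed composer.lock excerpt for the demo (not taken from a real store).
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/framework-bundle", "version": "v6.4.8"},
        {"name": "sylius/sylius", "version": "v2.1.9"},
    ]
})

# Fixed releases per release branch, as listed in the advisories above.
ADVISORIES = {
    "CVE-2026-31822 checkout login XSS": {"2.0": "2.0.16", "2.1": "2.1.12", "2.2": "2.2.3"},
    "CVE-2024-34349 admin stored XSS":   {"1.12": "1.12.16", "1.13": "1.13.1"},
    "SVG upload stored XSS":             {"1.9": "1.9.10", "1.10": "1.10.11", "1.11": "1.11.2"},
}


def parse_version(text):
    """'v2.1.9' -> (2, 1, 9). Pre-release suffixes such as '-beta.1' are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(x) for x in m.groups())


def installed_version(lock_json, package="sylius/sylius"):
    """Read the pinned version of a package from composer.lock; None if it is not installed."""
    for pkg in json.loads(lock_json).get("packages", []):
        if pkg.get("name") == package:
            return parse_version(pkg["version"])
    return None


def check_advisories(version, advisories=ADVISORIES):
    """Return {advisory: status} for an installed (major, minor, patch) tuple."""
    branch = f"{version[0]}.{version[1]}"
    results = {}
    for name, fixed_by_branch in advisories.items():
        if branch in fixed_by_branch:
            fixed = parse_version(fixed_by_branch[branch])
            results[name] = ("patched" if version >= fixed
                             else f"vulnerable, fixed in {fixed_by_branch[branch]}")
            continue
        # Branch not named in the advisory. Assumption (not from the advisories): a branch
        # newer than every listed fix already carries it; an older unlisted branch got no fix.
        newest = max(parse_version(v) for v in fixed_by_branch.values())
        results[name] = ("newer than all listed fixes" if version >= newest
                         else "no fix listed for this branch")
    return results


if __name__ == "__main__":
    v = installed_version(SAMPLE_COMPOSER_LOCK)
    print("sylius/sylius", ".".join(map(str, v)))
    for name, status in check_advisories(v).items():
        print(f"  {name}: {status}")
```

On a real store, pass the contents of the project's composer.lock to `installed_version` instead of the constructed sample. Note that `sylius/sylius` is the meta package; a store assembled from individual `sylius/*` bundles needs the same check per bundle.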
A patched core is only half the job. Stores run payment plugins, marketing integrations and bespoke bundles, and that custom code is where attackers hide. A skimmer in a Twig template or a webshell in a writable directory passes every version check. You have to scan the files on disk.
What eComscan detects on Sylius
eComscan reads every file in your Sylius installation and flags what does not belong:
- Skimmers and card stealers hidden in templates, JavaScript and PHP.
- Webshells and backdoors in public/, var/ and other writable paths.
- Known vulnerable plugins and dependencies, matched against Sansec threat intelligence.
- Tampered core and vendor files.
- Cron jobs, droppers and persistence tricks that survive a cleanup.
The scan runs on any Linux based hosting, needs no database changes and does not slow down your storefront.
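Two of the checks in the list above, tampered core and vendor files and PHP turning up in writable paths, can be illustrated with a small on-disk scan. The script below is an added example and is not eComscan's logic or any Sansec code; it assumes the standard Symfony/Sylius layout (src/, vendor/, templates/, config/ as deploy-only code; public/media for uploads; var/log and var/sessions as runtime-writable) and uses a SHA-256 manifest taken at deploy time as the baseline. var/cache is deliberately left out of the "no PHP here" rule because Symfony compiles its container and Twig templates into PHP there; that directory needs a baseline comparison, not a content rule. The demo tree and the four planted changes are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

WATCHED_DIRS = ("src", "vendor", "templates", "config")    # code that should only change on deploy
WRITABLE_DIRS = ("public", "var/log", "var/sessions")      # runtime-writable paths, no PHP expected
ALLOWED_PHP = {"public/index.php"}                         # the Symfony front controller lives in public/


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def walk_files(root, dirs):
    """Yield (relative posix path, Path) for every file under root/<dir>; missing dirs are skipped."""
    root = Path(root)
    for d in dirs:
        base = root / d
        if not base.is_dir():
            continue
        for dirpath, _, filenames in os.walk(base):
            for name in filenames:
                p = Path(dirpath) / name
                yield p.relative_to(root).as_posix(), p


def build_manifest(root, dirs=WATCHED_DIRS):
    """Snapshot taken right after a clean deploy: relative path -> sha256."""
    return {rel: sha256_of(p) for rel, p in walk_files(root, dirs)}


def diff_manifest(root, baseline, dirs=WATCHED_DIRS):
    """Compare the tree on disk with the deploy-time snapshot."""
    current = build_manifest(root, dirs)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def looks_like_php(path):
    """PHP by extension, or a PHP open tag inside a file with an innocent extension."""
    if path.suffix.lower() in {".php", ".phtml", ".phar"}:
        return True
    with open(path, "rb") as f:
        return b"<?php" in f.read(4096)   # short tags (<?=) are not covered here


def php_in_writable(root, dirs=WRITABLE_DIRS, allowed=ALLOWED_PHP):
    return sorted(rel for rel, p in walk_files(root, dirs)
                  if rel not in allowed and looks_like_php(p))


def write(path, body):
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(body)


def run_demo():
    """Constructed Sylius-like tree: snapshot it, plant four changes, scan. Returns the findings."""
    twig = "templates/bundles/SyliusShopBundle/Checkout/_summary.html.twig"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean = {
            "public/index.php": "<?php require dirname(__DIR__).'/vendor/autoload_runtime.php';",
            "public/media/image/logo.png": "constructed-png-placeholder",
            "vendor/sylius/sylius/src/Sylius/Component/Core/Model/Order.php": "<?php class Order {}",
            twig: "{% block summary %}{% endblock %}",
            "config/packages/security.yaml": "security:\n    firewalls: {}\n",
            "var/cache/prod/App_KernelProdContainer.php": "<?php // compiled container, legitimately PHP",
        }
        for rel, body in clean.items():
            write(root / rel, body)
        baseline = build_manifest(root)

        # Four constructed changes of the kind a cleanup has to find.
        write(root / twig, clean[twig] + "\n<!-- constructed unexpected edit -->")
        write(root / "vendor/sylius/sylius/src/Sylius/Component/Core/Helper.php", "<?php // not in the deploy")
        write(root / "var/log/helper.php", "<?php // PHP where only logs belong")
        write(root / "public/media/image/banner.jpg", "<?php // PHP behind an image extension")

        return {"diff": diff_manifest(root, baseline), "php_hits": php_in_writable(root)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The manifest only helps if it was taken from a known-clean deploy and stored off the web server; a baseline written after the compromise, or one the attacker can rewrite, just certifies the backdoor.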
How to run it
Point eComscan at your Sylius document root and run a scan. The usage guide covers installation and the first scan. For a hardening checklist built for Sylius, see our new Sylius security guide.