Latest Shopware Vulnerabilities

Blind SQL-injection in DAL aggregations in Shopware
composer/shopware/platform<=6.5.7.3
composer/shopware/core<=6.5.7.3
Shopware Shopware<6.5.7.4
Broken Access Control order API in Shopware
composer/shopware/platform<=6.5.7.3
composer/shopware/core<=6.5.7.3
Shopware Shopware<6.5.7.4
Server-Side Request Forgery (SSRF) in Shopware Flow Builder
Shopware Shopware<6.5.7.4
Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses that in the end result in the ...
Shopware Shopware>=5.1.4<=5.7.17
composer/shopware/shopware>=5.1.4<=5.7.17
>=5.1.4<=5.7.17
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.
Shopware Shopware=5.5.10
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with a...
Shopware Shopware>=6.1.0<=6.4.20.0
Shopware Shopware=6.5.0.0-rc1
Shopware Shopware=6.5.0.0-rc2
Shopware Shopware=6.5.0.0-rc3
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could...
Shopware Shopware<6.4.18.1
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double op...
Shopware Shopware<6.4.18.1
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the lo...
Shopware Shopware<6.4.18.1
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters li...
Shopware Shopware<6.4.18.1
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions it was possible to put the same line item multiple times in the cart using the API. The Cart Val...
Shopware Shopware<6.4.18.1
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the se...
Shopware Shopware>=5.0.0<5.7.15
Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they...
Shopware Shopware>=5.0.0<5.7.15
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross-site scripting (XSS) vulnerability exists in the customer module. Users are recommended to update to the current...
Shopware Shopware>=5.7.0<5.7.14
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the...
Shopware Shopware>=5.0.4<5.7.9
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the C...
Shopware Shopware>=5.2.0<5.7.9
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. User...
Shopware Shopware>=5.0.0<5.7.9
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to the sales channel context by the admin-api are still usable within a normal user session. Users are advised to update...
Shopware Shopware<6.4.10.1
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Use...
Shopware Shopware<6.4.10.1
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. ...
Shopware Shopware<6.4.8.2
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has ...
Shopware Shopware<6.4.8.1
Shopware Shopware<6.4.8.2
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password r...
Shopware Shopware<6.4.8.1
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. Th...
Shopware Shopware>=5.0.0<5.7.7
Shopware is an open source e-commerce software platform. In affected versions Shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation ...
Shopware Shopware>=5.7.3<5.7.7
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the secu...
Shopware Shopware<5.7.6
Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, an...
Shopware Shopware>=6.1.0<6.4.3.1
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older ve...
Shopware Shopware<6.4.3.1
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3....
Shopware Shopware<6.4.3.1
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older ve...
Shopware Shopware>=6.1.0<6.4.3.1
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds f...
Shopware Shopware>=6.1.0<6.4.3.1
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first ch...
Shopware Shopware>=6.1.0<6.4.1.1
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the Admin API exposed some internal hidden fields when an association was loaded with a to-many reference. Users ar...
Shopware Shopware>=6.1.0<6.4.1.1
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS vulnerability in the administration. Users are recommended to update to version 5.6.10. Yo...
Shopware Shopware>=5.0.0<5.6.10
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the...
Shopware Shopware>=5.0.0<5.6.10
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via the Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-b...
Shopware Shopware<6.3.5.1
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend updating to the current version 6.3.5.2. You can get the update t...
Shopware Shopware<6.3.5.2
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests o...
Shopware Shopware<6.2.3
In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.
Shopware Shopware<6.2.3
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser file upload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be ...
composer/shopware/platform<6.2.3
Shopware Shopware<6.2.3
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Shopware Shopware<5.5.8
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right...
<=5.6.0
Shopware Shopware<=5.6.0
composer/shopware/shopware>=5.3.0<=5.6.0
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via...
Shopware Shopware<5.3.4
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
Shopware Shopware<5.4.3

© 2024 SecAlerts Pty Ltd.