First published: Tue Jan 17 2023
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions it was possible to put the same line item multiple times in the cart using the API. The Cart Validators checked each line item individually, so a user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shopware Shopware | <6.4.18.1 |
CVE-2023-22730 is a vulnerability in Shopware that allows users to bypass quantity limits in the shopping cart.
CVE-2023-22730 affects Shopware versions before 6.4.18.1 and allows users to add the same line item multiple times in the cart using the API.
The severity of CVE-2023-22730 is high, with a CVSS score of 7.5.
To fix CVE-2023-22730, it is recommended to update Shopware to a version that includes the necessary security patches.
More information about CVE-2023-22730 can be found in the official Shopware security update page and the related GitHub links.
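The validation gap described above, as an added example that is not Shopware's code or its patch: a per-line quantity check accepts a cart that a check summing quantities per product rejects. The `LineItem` class, both validator functions, the product id and the limit of 2 are hypothetical, and PHP 8.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical model for illustration; these are not Shopware's classes.
final class LineItem
{
    public function __construct(
        public readonly string $id,           // line item id supplied by the API caller
        public readonly string $referencedId, // product the line points to
        public readonly int $quantity,
    ) {}
}

// Flawed: each line is compared with the purchase limit on its own.
function validatePerLine(array $lineItems, array $maxPurchase): array
{
    $errors = [];
    foreach ($lineItems as $item) {
        $limit = $maxPurchase[$item->referencedId] ?? PHP_INT_MAX;
        if ($item->quantity > $limit) {
            $errors[] = "{$item->id}: quantity {$item->quantity} exceeds limit {$limit}";
        }
    }
    return $errors;
}

// Hardened (one possible approach): quantities are summed per referenced product first.
function validatePerProduct(array $lineItems, array $maxPurchase): array
{
    $totals = [];
    foreach ($lineItems as $item) {
        $totals[$item->referencedId] = ($totals[$item->referencedId] ?? 0) + $item->quantity;
    }
    $errors = [];
    foreach ($totals as $productId => $total) {
        $limit = $maxPurchase[$productId] ?? PHP_INT_MAX;
        if ($total > $limit) {
            $errors[] = "{$productId}: total quantity {$total} exceeds limit {$limit}";
        }
    }
    return $errors;
}

// Constructed sample: a sale product limited to 2 per order, spread over two lines.
$maxPurchase = ['sale-product' => 2];
$cart = [new LineItem('line-1', 'sale-product', 2), new LineItem('line-2', 'sale-product', 2)];
var_dump(validatePerLine($cart, $maxPurchase));
var_dump(validatePerProduct($cart, $maxPurchase));
```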