CVE-2023-22734: Input Validation
First published: Tue Jan 17 2023(Updated: )
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. Users unable to upgrade may find security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. Users may also disable newsletter registration completely.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | <6.4.18.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22734?
CVE-2023-22734 is a vulnerability in the Shopware commerce platform that allows skipping the complete double opt-in process, leading to inconsistencies in the newsletter system.
What is the severity of CVE-2023-22734?
CVE-2023-22734 has a severity value of 7.5, which is considered high.
How does CVE-2023-22734 affect Shopware?
CVE-2023-22734 affects Shopware versions up to 6.4.18.1, allowing the bypassing of the double opt-in validation in the newsletter system.
How can I fix CVE-2023-22734 in my Shopware installation?
To fix CVE-2023-22734, it is recommended to apply the security update provided by Shopware and ensure you are using a version of Shopware equal to or higher than 6.4.18.1.
Where can I find more information about CVE-2023-22734?
You can find more information about CVE-2023-22734 in the Shopware security update documentation and the associated GitHub advisories.
- collector/nvd-index
- agent/type
- agent/event
- vendor/shopware
- canonical/shopware shopware