📦 Shopware
by Shopware
⚠️ Known Vulnerabilities
This CVE describes a SQL injection vulnerability in Shopware's API search functionality. Attackers can exploit the 'name' field in aggregations parameters to execute arbitrary SQL queries, potentially...
This CVE describes a code injection vulnerability in Shopware's map() function where PHP Closures can bypass allow-list validation. It affects Shopware installations from version 6.7.0.0 to before 6.7...
A race condition vulnerability in Shopware's voucher system allows attackers to bypass voucher restrictions and exceed usage limits. This affects Shopware v6.6.10.4 installations, potentially allowing...
Shopware's sw_silent_feature_call Twig tag has improper input escaping, allowing code execution through the feature flag name parameter. This affects all Shopware installations prior to versions 6.6.5...
This CVE describes a SQL injection vulnerability in Shopware's application API search functionality. Attackers can exploit the 'name' field in the 'aggregations' object to execute arbitrary SQL comman...
This vulnerability in Shopware allows session fixation attacks where cached 404 pages inadvertently expose session cookies to subsequent users. Attackers can hijack user sessions when accessing cached...
This vulnerability in Shopware's Flow Builder allows attackers to bypass URL validation in webhook actions, enabling Server-Side Request Forgery (SSRF) attacks. Malicious users can send requests to in...
Shopware versions before 5.7.9 have a CSRF token validation flaw that allows attackers to bypass CSRF protection. This enables unauthorized actions to be performed on behalf of authenticated users. Al...
CVE-2022-24872 is an incorrect permission assignment vulnerability in Shopware where permissions granted via admin API in sales channel context remain active in normal user sessions. This allows authe...
CVE-2022-24871 is a server-side request forgery (SSRF) vulnerability in Shopware's Admin SDK functionality that allows attackers to read or update internal resources. This affects Shopware 6 installat...
This CVE describes a Cross-Site Scripting (XSS) vulnerability in the Shopware eCommerce platform that allows attackers to inject malicious scripts via SVG media files. When exploited, this can lead to ses...