Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22408
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal h...
Shopware Shopware
NA
CVE-2024-22407
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write&...
Shopware Shopware
4
CVSSv2
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions before 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regula...
Shopware Shopware
6.5
CVSSv2
CVE-2020-13970
Shopware prior to 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
Shopware Shopware
5
CVSSv2
CVE-2020-13997
In Shopware prior to 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.
Shopware Shopware
5
CVSSv2
CVE-2021-37707
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also a...
Shopware Shopware
7.5
CVSSv2
CVE-2021-37708
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
3.5
CVSSv2
CVE-2021-37710
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
6.5
CVSSv2
CVE-2018-20713
Shopware prior to 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
Shopware Shopware
4
CVSSv2
CVE-2017-18357
Shopware prior to 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
Shopware Shopware
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »