Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware shopware vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-12799
In createInstanceFromNamedArguments in Shopware up to and including 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserializatio...
Shopware Shopware
6.1
CVSSv3
CVE-2019-12935
Shopware prior to 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Shopware Shopware
7.5
CVSSv3
CVE-2021-37707
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also a...
Shopware Shopware
4.9
CVSSv3
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions before 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regula...
Shopware Shopware
5.5
CVSSv3
CVE-2022-24871
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of ...
Shopware Shopware
6.1
CVSSv3
CVE-2022-24873
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopw...
Shopware Shopware
7.5
CVSSv3
CVE-2021-32710
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. ...
Shopware Shopware
5.3
CVSSv3
CVE-2021-32712
Shopware is an open source eCommerce platform. Versions before 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download over...
Shopware Shopware
4.8
CVSSv3
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions before 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the ...
Shopware Shopware
9.8
CVSSv3
CVE-2016-3109
The backend/Login/load/ script in Shopware prior to 5.1.5 allows remote malicious users to execute arbitrary code.
Shopware Shopware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »