Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2016-3109
The backend/Login/load/ script in Shopware prior to 5.1.5 allows remote malicious users to execute arbitrary code.
Shopware Shopware
7.5
CVSSv2
CVE-2021-37708
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
6.8
CVSSv2
CVE-2022-24892
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an malicious user to take over the victim&...
Shopware Shopware
6.5
CVSSv2
CVE-2021-37711
Versions before 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Shopware Shopware
6.5
CVSSv2
CVE-2020-13970
Shopware prior to 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
Shopware Shopware
6.5
CVSSv2
CVE-2019-12799
In createInstanceFromNamedArguments in Shopware up to and including 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserializatio...
Shopware Shopware
6.5
CVSSv2
CVE-2018-20713
Shopware prior to 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
Shopware Shopware
6.4
CVSSv2
CVE-2020-28199
best it Amazon Pay Plugin prior to 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.
Bestit Amazon Pay
5.8
CVSSv2
CVE-2022-24745
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish a...
Shopware Shopware
5.8
CVSSv2
CVE-2022-21651
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users ar...
Shopware Shopware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »