Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-32710
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. ...
Shopware Shopware
6.5
CVSSv3
CVE-2023-22733
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users ac...
Shopware Shopware
5.4
CVSSv3
CVE-2022-31148
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater...
Shopware Shopware
6.5
CVSSv3
CVE-2017-18357
Shopware prior to 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
Shopware Shopware
1 EDB exploit
9.8
CVSSv3
CVE-2016-3109
The backend/Login/load/ script in Shopware prior to 5.1.5 allows remote malicious users to execute arbitrary code.
Shopware Shopware
9.8
CVSSv3
CVE-2021-37708
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
5.4
CVSSv3
CVE-2021-37710
Shopware is an open source eCommerce platform. Versions before 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available vi...
Shopware Shopware
8.8
CVSSv3
CVE-2021-37711
Versions before 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Shopware Shopware
8.8
CVSSv3
CVE-2020-13970
Shopware prior to 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
Shopware Shopware
5.4
CVSSv3
CVE-2020-13971
In Shopware prior to 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication.
Shopware Shopware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »