Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shopware shopware vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-24746
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.
Shopware Shopware
5.3
CVSSv3
CVE-2022-24747
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be expo...
Shopware Shopware
7.5
CVSSv3
CVE-2022-24748
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions before 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are a...
Shopware Shopware
5.3
CVSSv3
CVE-2022-36101
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are adv...
Shopware Shopware
7.2
CVSSv3
CVE-2022-36102
Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version...
Shopware Shopware
6.1
CVSSv3
CVE-2019-12935
Shopware prior to 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Shopware Shopware
7.5
CVSSv3
CVE-2022-24879
Shopware is an open source e-commerce software platform. Versions before 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixe...
Shopware Shopware
6.5
CVSSv3
CVE-2017-18357
Shopware prior to 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
Shopware Shopware
1 EDB exploit
8.8
CVSSv3
CVE-2023-22731
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP functi...
Shopware Shopware
9.8
CVSSv3
CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into ...
Shopware Shopware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »