An issue exists in Shopware B2B-Suite up to and including 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated malicious user to dump the underlying database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
shopware b2b suite |