An SQL injection vulnerability affecting Spryker-based webshops was discovered in the order history search form It can be exploited by authenticated attackers in order to retrieve information from the database (eg customer and administrator login information, order details, etc) Depending on the configuration of the webshop, access to the file ...
Spryker Commerce OS with spryker/http module versions prior to 170 suffer from a remote command execution vulnerability due to a predictable value in use ...