An SQL injection vulnerability affecting Spryker-based webshops was discovered in the order history search form It can be exploited by authenticated attackers in order to retrieve information from the database (eg customer and administrator login information, order details, etc) Depending on the configuration of the webshop, access to the file ...