Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShopware
APPShopware< 6.6.10.156.7.0.0 – 6.7.8.1 (bez)
Powiązane podatności
SQL injection w API wyszukiwania Shopware przez pole 'name' agregacji
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **wi...
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API...
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app reg...