Vulnerabilities > Shopware

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2024-22406 SQL Injection vulnerability in Shopware
Shopware is an open headless commerce platform.
network
low complexity
shopware CWE-89
critical
9.8
2024-01-16 CVE-2024-22407 Improper Access Control vulnerability in Shopware
Shopware is an open headless commerce platform.
network
low complexity
shopware CWE-284
6.5
2024-01-16 CVE-2024-22408 Server-Side Request Forgery (SSRF) vulnerability in Shopware
Shopware is an open headless commerce platform.
network
low complexity
shopware CWE-918
8.1
2023-06-27 CVE-2023-34098 Information Exposure vulnerability in Shopware
Shopware is an open source e-commerce software.
network
low complexity
shopware CWE-200
5.3
2023-06-27 CVE-2023-34099 Improper Check for Unusual or Exceptional Conditions vulnerability in Shopware
Shopware is an open source e-commerce software.
network
low complexity
shopware CWE-754
5.3
2023-04-21 CVE-2022-48150 Cross-site Scripting vulnerability in Shopware 5.5.10
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.
network
low complexity
shopware CWE-79
6.1
2023-04-17 CVE-2023-2017 Code Injection vulnerability in Shopware
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables.
network
low complexity
shopware CWE-94
8.8
2023-02-03 CVE-2023-23941 Unspecified vulnerability in Shopware Swagpaypal
SwagPayPal is a PayPal integration for shopware/platform.
network
low complexity
shopware
7.5
2023-01-17 CVE-2023-22730 Improper Input Validation vulnerability in Shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js.
network
low complexity
shopware CWE-20
7.5
2023-01-17 CVE-2023-22731 Code Injection vulnerability in Shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js.
network
low complexity
shopware CWE-94
8.8