Vulnerabilities > Shopware

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-15	CVE-2018-20713	SQL Injection vulnerability in Shopware Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. network low complexity shopware CWE-89	6.5
2019-01-15	CVE-2017-18357	Externally Controlled Reference to a Resource in Another Sphere vulnerability in Shopware Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. network low complexity shopware CWE-610	4.0
2017-10-16	CVE-2017-15374	Cross-site Scripting vulnerability in Shopware Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. network shopware CWE-79	4.3
2017-04-21	CVE-2016-3109	Improper Input Validation vulnerability in Shopware The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. network low complexity shopware CWE-20 critical	10.0

Vulnerabilities > Shopware {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Shopware"}]}