Vulnerabilities > Shopware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-08 | CVE-2024-42356 | Code Injection vulnerability in Shopware Shopware is an open commerce platform. | 7.2 |
| 2024-01-16 | CVE-2024-22408 | Server-Side Request Forgery (SSRF) vulnerability in Shopware Shopware is an open headless commerce platform. | 8.1 |
| 2023-04-17 | CVE-2023-2017 | Code Injection vulnerability in Shopware Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. | 8.8 |
| 2023-02-03 | CVE-2023-23941 | Unspecified vulnerability in Shopware Swagpaypal SwagPayPal is a PayPal integration for shopware/platform. | 7.5 |
| 2023-01-17 | CVE-2023-22730 | Improper Input Validation vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 7.5 |
| 2023-01-17 | CVE-2023-22731 | Code Injection vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 8.8 |
| 2023-01-17 | CVE-2023-22734 | Improper Input Validation vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 7.5 |
| 2022-03-09 | CVE-2022-24748 | Incorrect Authorization vulnerability in Shopware Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. | 7.5 |
| 2021-06-24 | CVE-2021-32717 | Incorrect Permission Assignment for Critical Resource vulnerability in Shopware Shopware is an open source eCommerce platform. | 7.5 |
| 2019-06-13 | CVE-2019-12799 | Deserialization of Untrusted Data vulnerability in Shopware In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. | 8.8 |