CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22406 – Blind SQL-injection in DAL aggregations in Shopware
https://notcve.org/view.php?id=CVE-2024-22406
Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable SQL-injection and can be exploited using time-based SQL-queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. • https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22407 – Broken Access Control order API in Shopware
https://notcve.org/view.php?id=CVE-2024-22407
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. • https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22408 – Server-Side Request Forgery (SSRF) in Shopware Flow Builder
https://notcve.org/view.php?id=CVE-2024-22408
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fixed in the Commercial Plugin release 6.5.7.4 or with the Security Plugin. For installations with Shopware 6.4 the Security plugin is recommended to be installed and up to date. • https://github.com/shopware/shopware/security/advisories/GHSA-3535-m8vh-vrmw • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-2017 – Improper Control of Generation of Code in Twig Rendered Views in Shopware
https://notcve.org/view.php?id=CVE-2023-2017
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731. • https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023 https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f https://starlabs.sg/advisories/23/23-2017 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-184: Incomplete List of Disallowed Inputs CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22733 – Improper Output Neutralization in Log Module in shopware
https://notcve.org/view.php?id=CVE-2023-22733
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. • https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07 https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f • CWE-532: Insertion of Sensitive Information into Log File •