1 results (0.001 seconds)
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-24956
https://notcve.org/view.php?id=CVE-2022-24956
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. Se ha detectado un problema en Shopware B2B-Suite versiones hasta 4.4.1. • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-018.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •