1 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. Se ha detectado un problema en Shopware B2B-Suite versiones hasta 4.4.1. • https://syss.de https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-018.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •