Lucene search

PRIOn knowledge basePRION:CVE-2023-27568

HistoryMay 04, 2023 - 2:15 a.m.

Sql injection

2023-05-0402:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

spryker commerce os

sensitive data

customer order

nvd

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=

CPENameOperatorVersion
commerce_oseq0.9

CPE	Name	Operator	Version
	commerce_os	eq	0.9

References

packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html

seclists.org/fulldisclosure/2023/May/2

www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-001.txt

www.schutzwerk.com/blog/schutzwerk-sa-2023-001/