12 matches found
CVE-2026-48010
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...
EUVD-2026-45241
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...
CVE-2026-48014
Summary: CVE-2026-48014 affects Shopware open commerce platforms prior to 6.6.10.18 and 6.7.10.1, where Admin API order state transition routes (/api/_action/order/{orderId}/state/{transition} and related endpoints) could bypass ACL checks. The routes did not declare PlatformRequest::ATTRIBUTE_AC...
EUVD-2026-45239
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...
CVE-2026-48011 Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...
CVE-2026-48011 Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...
CVE-2026-48011
Summary of CVE-2026-48011 (Shopware) : A timing-attack in the admin authentication flow enables an attacker to enumerate administrator usernames. The issue is in the OAuth user lookup path (UserRepository::getUserEntityByUserCredentials). If a username is not found, the code returns quickly; if f...
User Impersonation
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to User Impersonation via the handle-payment endpoint. An attacker can trigger payment flows for orders belonging to other users by supplying a valid...
Missing Authorization
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Missing Authorization in the orderStateTransition process. An attacker can modify order states without proper privileges by sending crafted API reques...
Improper Privilege Management
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Improper Privilege Management via the upsertUser function. An attacker can gain unauthorized administrative privileges by creating or updating user...
Missing Authorization
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Missing Authorization via the Sync API process. An attacker can gain unauthorized administrative privileges by creating an integration with elevated...
Missing Authorization
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Missing Authorization via the Sync API process. An attacker can gain unauthorized administrative privileges by creating an integration with elevated permissions through direct API calls,...