5 matches found
Insecure Default Initialization of Resource
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newslett...
Shopware 安全漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions prior to 6.6.10.3 and prior to 6.5.8.17, which stems from a default setting that allows unconfirmed bulk news subscriptions...
SQL Injection
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to SQL Injection through the aggregations object. An attacker can manipulate the SQL queries and potentially access or alter data by injecting malicious SQL code into the name field...
CVE-2025-30151 Shopware allows Denial Of Service via password length
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
PT-2025-15898 · Packagist · Shopware/Core +1
Impact It's possible to guess the deepLinkCode of an Document to open documents of other customers Patches Update to Shopware 6.6.10.3 or 6.5.8.17 Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...