5 matches found
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
PT-2026-2949
Name of the Vulnerable Software and Affected Versions Shopware versions 6.7.0.0 through 6.7.6.0 Description A regression of a previously addressed issue allows the execution of unchecked PHP Closures within the map override function. This occurs due to insufficient validation of allowed functions...
SQL Injection
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to SQL Injection through the aggregations object. An attacker can manipulate the SQL queries and potentially access or alter data by injecting malicious SQL code into the name field...