2 matches found
CVE-2022-24748 Incorrect Authentication in shopware
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgra...
CVE-2022-24748
CVE-2022-24748 affects Shopware: before version 6.4.8.2, an improper API route check allows modifying customers and creating orders without App Permission. Root cause: inadequate authorization in API routing. Impact: unauthorized actions with no privileges; no exploitation details provided in the...