2 matches found
CVE-2022-24892
CVE-2022-24892 (Shopware) affects Shopware 5.x versions, specifically starting with 5.0.4 up to but before 5.7.9. The issue allows requesting multiple password-reset tokens, and all tokens could be used to change the password, enabling an attacker to take over a victim’s account if they gain acce...
CVE-2022-24892 Multiple valid tokens for password reset in Shopware
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they someh...