Lucene search
+L

8 matches found

NVD
NVD
added yesterday5 views

CVE-2026-48016

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS0.0005EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday6 views

CVE-2026-48016 Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS0.0005EPSS
Exploits0References5
EUVD
EUVD
added yesterday3 views

EUVD-2026-45239

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS5.3AI score0.0005EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/04 7:33 p.m.5 views

User Impersonation

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to User Impersonation via the handle-payment endpoint. An attacker can trigger payment flows for orders belonging to other users by supplying a valid foreign orderId, potentially causing...

5.3CVSS5.8AI score0.0005EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 7:33 p.m.4 views

User Impersonation

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to User Impersonation via the handle-payment endpoint. An attacker can trigger payment flows for orders belonging to other users by supplying a valid...

5.3CVSS5.8AI score0.0005EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 7:33 p.m.11 views

GHSA-9V5M-39WH-5CHQ Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

4.3CVSS5.7AI score0.0005EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/04 7:33 p.m.15 views

Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

4.3CVSS5.7AI score0.0005EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46892

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.6.10.18 Shopware versions prior to 6.7.10.1 Description An object-level authorization flaw exists in the Store API endpoint '/store-api/handle-payment' within the HandlePaymentMethodRoute.php and PaymentProcessor.p...

4.3CVSS5.3AI score0.0005EPSS
Exploits0References8
Rows per page
Query Builder