4 matches found

Github Security Blog
added 2026/02/10 12:22 a.m., 9 views

FroshAdminer Adminer UI is accessible without admin session

Summary: Unauthenticated access to Adminer UI. Details: The Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users. Note: Database access...

CVSS 6.9 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/02/09 8:53 p.m., 3 views

CVE-2026-25878

FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users...

CVSS 6.9 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/02/09 12:0 a.m., 3 views

PT-2026-7163

Name of the Vulnerable Software and Affected Versions: FroshAdminer versions prior to 2.2.1. Description: The Adminer route '/admin/adminer' within the FroshAdminer plugin for Shopware Platform was accessible without requiring Shopware admin authentication. The route was configured without...

CVSS 6.9 | AI score 5.4 | EPSS 0.00027
Exploits: 0 | References: 9
NVD
added 2025/08/08 6:15 p.m., 2 views

CVE-2025-5095

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforc...

CVSS 9.8 | EPSS 0.00354
Exploits: 0 | References: 2