Lucene search

9 matches found

Veracode
added 2026/03/14 5:26 a.m. | 6 views

Incorrect Authorization

Shopware is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient validation of filter types in the store-api.order endpoint, which allows an attacker to access orders belonging to other customers without authentication...

8.9 CVSS | 5.9 AI score | 0.0005 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Veracode
added 2026/03/14 5:22 a.m. | 2 views

Unauthorized Data Access

Shopware is vulnerable to unauthorized data access. The vulnerability is due to an insufficient check on filter types for unauthenticated customers, where the deepLinkCode support on the store-api.order endpoint fails to enforce proper authorization and attackers can retrieve other customers' ord...

8.9 CVSS | 5.9 AI score | 0.0005 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/03/11 8:42 p.m. | 1 views

Incorrect Authorization

Overview: shopware/core, the Shopware platform, is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of filter types in the store-api.order endpoint. An attacker can access order data belonging to...

8.9 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/11 7:23 p.m. | 5 views

GHSA-7VVP-J573-5584 Shopware: Unauthenticated data extraction possible through store-api.order endpoint

Summary: An insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. Details: Data Exposure: Depending on the order payload configuration, attackers may retrieve: -...

8.9 CVSS | 5.9 AI score | 0.0005 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/11 7:23 p.m. | 13 views

Shopware: Unauthenticated data extraction possible through store-api.order endpoint

Summary: An insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. Details: Data Exposure: Depending on the order payload configuration, attackers may retrieve: -...

8.9 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits: 0 | References: 3 | Affected Software: 2
NVD
added 2026/03/11 7:16 p.m. | 1 views

CVE-2026-31887

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

8.9 CVSS | 0.0005 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/11 6:49 p.m. | 1 views

CVE-2026-31887 Shopware unauthenticated data extraction possible through store-api.order endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

8.9 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/03/11 6:49 p.m. | 23 views

CVE-2026-31887 Shopware unauthenticated data extraction possible through store-api.order endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

8.9 CVSS | 0.0005 EPSS
Exploits: 0 | References: 1
CVE
added 2026/03/11 6:49 p.m. | 6 views

CVE-2026-31887

Shopware (open commerce platform) contains a vulnerability in prior releases: before 6.7.8.1 and 6.6.10.15, an insufficient check on filter types for unauthenticated customers on the store-api.order endpoint (deepLinkCode) can allow access to other customers’ orders. This is fixed in 6.7.8.1 and ...

8.9 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits: 0 | References: 1 | Affected Software: 1