CVE-2022-24956
CVE-2022-24956 describes an SQL injection vulnerability in Shopware B2B-Suite (versions up to 4.4.1) where the sort-by parameter in the search functionality of the b2border and b2borderlist endpoints is injectable. The underlying cause is unsafe handling/validation of input in the sort-by field, ...