shopware/shopware is vulnerable to SQL injection attacks. A lack of validation in the newName
, defaultValue
, table
, and name
parameters allow an authenticated user to inject and execute arbitrary SQL commands.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/shopware | le | 5.4.2 |