shopware/platform uses an insecure session management. The application does not invalidate session tokens upon log out. This allows an attacker to gain access to the application if an old session token was obtained.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/platform | le | 6.3.5.1 |