shopware/shopware uses insecure session management. The library does not invalidate session tokens after a user's password change, so an attacker who has obtained an old session token can still use it to access the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | shopware/shopware | le | v5.7.6 |
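
One way to close the gap described above, as an added example that is not Shopware's own code: a hypothetical in-memory `SessionStore` (class and method names are invented for illustration) that revokes every session of a user on password change and also rejects any session issued before that change.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical in-memory store, not Shopware's session or user classes.
final class SessionStore
{
    /** @var array<string, array{user: int, issued: int}> token => session record */
    private array $sessions = [];
    /** @var array<int, int> user id => time of the last password change */
    private array $passwordChangedAt = [];

    public function login(int $userId, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $this->sessions[$token] = ['user' => $userId, 'issued' => $now];
        return $token;
    }

    // Password change: drop every session of the user, then issue a fresh
    // token for the client that made the change.
    public function changePassword(int $userId, int $now): string
    {
        $this->passwordChangedAt[$userId] = $now;
        foreach ($this->sessions as $token => $s) {
            if ($s['user'] === $userId) {
                unset($this->sessions[$token]);
            }
        }
        return $this->login($userId, $now);
    }

    // Defence in depth: a record that survived deletion (for example in a
    // second storage backend) is still rejected if it predates the change.
    public function isValid(string $token): bool
    {
        $s = $this->sessions[$token] ?? null;
        return $s !== null
            && $s['issued'] >= ($this->passwordChangedAt[$s['user']] ?? 0);
    }
}

// Constructed scenario: user 7 has an older session, then changes the password.
$store = new SessionStore();
$old   = $store->login(7, 1000);          // token issued before the change
$other = $store->login(8, 1000);          // unrelated user, must be unaffected
$fresh = $store->changePassword(7, 2000); // token issued by the change itself
var_dump($store->isValid($old));   // pre-change token for user 7
var_dump($store->isValid($fresh)); // post-change token for user 7
var_dump($store->isValid($other)); // user 8
```

The same scenario works as a regression check against a real deployment: log in twice, change the password in one session, and confirm the other session's token is refused.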