Shopware uses insecure session management. The library does not log out a user's existing sessions after the password is changed through password recovery, so an attacker who has obtained an old session token can still gain access to the system.
Name | Operator | Version |
---|---|---|
shopware/platform | le | 6.4.8.0 |
shopware/core | le | 6.4.8.0 |
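
The session-handling flaw described above, modelled as an added example (not Shopware code and not part of the advisory): an in-memory account service whose `revoke_on_reset` switch contrasts keeping old sessions after password recovery with invalidating them. All class, method and account names are hypothetical.

```python
import hashlib
import secrets

class AccountService:
    """Hypothetical in-memory model of sessions and password recovery."""

    def __init__(self, revoke_on_reset):
        self.revoke_on_reset = revoke_on_reset
        self._passwords = {}  # user -> (salt, PBKDF2 hash)
        self._sessions = {}   # session token -> user
        self._recovery = {}   # one-time recovery token -> user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, expected = self._passwords[user]
        if not secrets.compare_digest(self._hash(password, salt), expected):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def session_user(self, token):
        return self._sessions.get(token)  # None when the session is not valid

    def request_recovery(self, user):
        token = secrets.token_urlsafe(32)
        self._recovery[token] = user
        return token

    def reset_password(self, recovery_token, new_password):
        user = self._recovery.pop(recovery_token)  # single use; KeyError if unknown
        self.set_password(user, new_password)
        if self.revoke_on_reset:
            # The fix: drop every session issued to this user before the reset.
            self._sessions = {t: u for t, u in self._sessions.items() if u != user}

def old_session_survives_reset(revoke_on_reset):
    svc = AccountService(revoke_on_reset)
    svc.set_password("alice", "old-password")  # constructed sample account
    stale = svc.login("alice", "old-password")
    svc.reset_password(svc.request_recovery("alice"), "new-password")
    return svc.session_user(stale) == "alice"
```

A regression test for the fix can assert the same property: a session token issued before the reset must no longer resolve to a user afterwards.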