shopware/shopware is vulnerable to cross-site request forgery (CSRF). The vulnerability exists in CSRFTokenValidator.php
due to a lack of validation of the CSRF token, which allows an attacker to make changes to the system as a legitimate user.
CPE | Name | Operator | Version |
---|---|---|---|
 | shopware/shopware | le | v5.7.8 |
docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
github.com/shopware/shopware/commit/e27d5c5f6d5a87e0b71f5474f2d058226e10704a
github.com/shopware/shopware/releases/tag/v5.7.9
github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h
www.shopware.com/en/changelog-sw5/#5-7-9