shopware/shopware is vulnerable to information disclosure. The vulnerability exists in getCustomer
function in Customer.php
because the hashed passwords and session IDs are exposed in the customer detail view which allows an attacker to gain access to sensitive information and perform unauthorized actions.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/shopware | le | v5.7.14 | |
shopware/shopware | le | v5.7.14 |