pkg:Packagist/shopware/core

36 CVEs in total: CRITICAL 2, HIGH 15, MEDIUM 15, LOW 3

All known vulnerabilities

  • CRITICAL 9.8 - CVE-2023-22731 - Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
    from 0, < 6.4.18.1
  • CRITICAL 9.3 - CVE-2024-22406 - Blind SQL injection in shopware
    from 0, < 6.5.7.4
  • HIGH 8.9 - CVE-2026-31889 - Shopware vulnerable to a potential take over of app credentials
    >= 6.7.0.0, < 6.7.8.1
  • HIGH 8.8 - CVE-2023-2017 - Shopware Has Improper Control of Generation of Code in Twig rendered views
    from 0, < 6.4.20.1
  • HIGH 8.8 - CVE-2021-37708 - Command injection in mail agent settings
    from 0, < 6.4.3.1
  • HIGH 8.8 - CVE-2021-37711 - Authenticated server-side request forgery in file upload via URL.
    from 0, < 6.4.3.1
  • HIGH 8.3 - CVE-2024-42356 - Shopware vulnerable to Server Side Template Injection in Twig using Context functions
    from 0, < 6.5.8.13
  • HIGH 8.3 - CVE-2024-42355 - Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
    from 0, < 6.5.8.13
  • HIGH 8.1 - CVE-2022-24872 - Improper Access Control in Shopware
    from 0, < 6.4.10.1
  • HIGH 8.0 - CVE-2021-37710 - Cross-Site Scripting via SVG media files
    from 0, < 6.4.3.1
  • HIGH 7.5 - CVE-2025-30151 - Shopware allows Denial Of Service via password length
    >= 6.6.0.0, < 6.6.10.3
  • HIGH 7.5 - CVE-2020-13997 - Shopware database password is leaked to an unauthenticated users
    >= 6.0.0, < 6.2.3
  • HIGH 7.5 - CVE-2021-32717 - Private files publicly accessible with Cloud Storage providers
    from 0, < 6.4.1.1
  • HIGH 7.3 - CVE-2025-27892 - Shopware Vulnerable to Blind SQL-injection in DAL aggregations
    >= 6.7.0.0-rc1, < 6.7.0.0-rc2
  • HIGH 7.3 - CVE-2024-42357 - Shopware vulnerable to blind SQL-injection in DAL aggregations
    from 0, < 6.5.8.13
  • HIGH 7.2 - CVE-2026-23498 - Shopware Has Improper Control of Generation of Code in Twig rendered views
    >= 6.7.0.0, < 6.7.6.1
  • HIGH 7.2 - CVE-2022-24871 - Server-Side Request Forgery (SSRF) in Shopware
    from 0, < 6.4.10.1
  • MEDIUM 6.8 - CVE-2022-24748 - Incorrect Authentication in shopware
    from 0, < 6.4.8.2
  • MEDIUM 6.5 - CVE-2021-37709 - Insecure direct object reference of log files of the Import/Export feature
    from 0, < 6.4.3.1
  • MEDIUM 6.5 - CVE-2021-37707 - Manipulation of product reviews via API
    from 0, < 6.4.3.1
  • MEDIUM 6.3 - CVE-2023-22730 - Shopware vulnerable to Improper Input Validation of Clearance sale in cart
    from 0, < 6.4.18.1
  • MEDIUM 6.3 - CVE-2022-24747 - HTTP caching is marking private HTTP headers as public in Shopware
    from 0, < 6.4.8.2
  • MEDIUM 6.1 - CVE-2022-24746 - HTML injection possibility in voucher code form in Shopware
    from 0, < 6.4.8.1
  • MEDIUM 5.3 - CVE-2026-31888 - Shopware has user enumeration via distinct error codes on Store API login endpoint
    >= 6.7.0.0, < 6.7.8.1
  • MEDIUM 5.3 - CVE-2025-32378 - Shopware default newsletter opt-in settings allow for mass sign-up abuse
    >= 6.6.0.0-rc1, < 6.6.10.3
  • MEDIUM 5.3 - CVE-2025-30150 - Shopware 6 allows attackers to check for registered accounts through the store-api
    >= 6.6.0.0, < 6.6.10.3
  • MEDIUM 5.3 - CVE-2024-42354 - Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
    from 0, < 6.5.8.13
  • MEDIUM 5.3 - CVE-2024-31447 - Shopware Improper Session Handling in store-api account logout
    >= 6.3.5.0, < 6.5.8.8
  • MEDIUM 4.9 - CVE-2024-22407 - Broken Access Control order API in Shopware
    from 0, < 6.5.7.4
  • MEDIUM 4.9 - CVE-2021-32709 - Creation of order credits was not validated by acl in admin orders
    from 0, < 6.4.1.1
  • MEDIUM 4.4 - CVE-2021-32716 - Internal hidden fields are visible on to many associations in admin api
    from 0, < 6.4.1.1
  • MEDIUM 4.3 - CVE-2023-22734 - Shopware has Improper Input Validation issue in newsletter subscription
    from 0, < 6.4.18.1
  • LOW 3.7 - CVE-2023-22732 - Shopware has Insufficient Session Expiration in Administration
    from 0, < 6.4.18.1
  • LOW 2.7 - CVE-2023-22733 - Shopware's log module vulnerable to Improper Output Neutralization
    from 0, < 6.4.18.1
  • LOW 2.6 - CVE-2022-24744 - Shopware user session is not logged out if the password is reset via password recovery
    from 0, < 6.4.8.1
  • CVE-2026-31887 - Shopware: Unauthenticated data extraction possible through store-api.order endpoint
    >= 6.7.0.0, < 6.7.8.1