logo

Database

SQL injection - Code In shopware/shopware

Description

Shopware SQL Injection Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-207132. NVD-2018-207133. OSV-2018-207134. GCVE-2018-20713

References

1. https://github.com/shopware5/shopware/commit/73cb46727050e28a0d7c2cf8471baaa3eaf2e5e82. https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-05-2018

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.