CVE-2022-24748

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.4.8.2

Description The issue is a result of improper API route checking, allowing modification of customers and creation of orders without App Permission. This affects Shopware, an open commerce platform based on the Symfony php Framework and the Vue javascript framework.

Recommendations For versions prior to 6.4.8.2, upgrade to version 6.4.8.2 to resolve the issue. For older versions of 6.1, 6.2, and 6.3, consider installing a security plugin for corresponding security measures, but note that updating to the latest Shopware version is recommended for the full range of functions.