PT-2022-16943 · Shopware · Shopware

Shyim

Published

2022-04-20

Updated

2022-04-28

CVE-2022-24871

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.4.10.1

Description The issue allows an attacker to abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version to resolve the issue. There are no known workarounds for this issue.

Recommendations For versions 6.1, 6.2, and 6.3, corresponding security measures are available via a plugin. Update to version 6.4.10.1 to resolve the issue. As a temporary workaround, consider restricting access to the Admin SDK functionality until a patch is applied.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-24871

GHSA-7GM7-8Q8V-9GF2

Affected Products

Shopware

PT-2022-16943 · Shopware · Shopware

CVE-2022-24871

Weakness Enumeration

Related Identifiers

Affected Products

References · 10