PT-2022-23193 · Shopware · Shopware

Published: 2022-09-12 · Updated: 2022-09-16 · CVE-2022-36102

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.15

Description: The issue allows users to bypass the Access Control List (ACL) when backend admin controllers are called using a certain notation, enabling them to execute actions they are normally not permitted to perform. There are no known workarounds for this issue.

Recommendations: For versions prior to 5.7.15, update to version 5.7.15 via the Auto-Updater or directly via the download overview. For older versions, consider using the Security Plugin as a mitigation measure until a patch is available. As a temporary workaround, consider restricting access to backend admin controllers to minimize the risk of exploitation.


Weakness Enumeration: Improper Preservation of Permissions

Related Identifiers

CVE-2022-36102
GHSA-QC43-PGWQ-3Q2Q

Affected Products

Shopware