PT-2023-24671 · Shopware · Shopware
Published
2023-06-27
·
Updated
2023-07-06
·
CVE-2023-34099
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shopware versions prior to 5.7.18
Description
The mail validation in the registration process had flaws, allowing the construction of different mail addresses that result in the same address, which can be shared by multiple accounts.
Recommendations
For versions prior to 5.7.18, update to version 5.7.18 to address the issue. For older versions, consider using the Security Plugin as a mitigation measure.
Exploit
Fix
Improper Check for Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Shopware