PT-2025-15898 · Packagist · Shopware/Core+1
Published
2025-04-08
·
Updated
2025-04-08
CVSS v3.1
4.0
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Impact
It's possible to guess the deepLinkCode of an Document to open documents of other customers
Patches
Update to Shopware 6.6.10.3 or 6.5.8.17
Workarounds
For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Shopware/Core
Shopware/Platform