PT-2026-7163 · Shopware · Froshadminer+1
Gugiman +1 · Published 2026-02-09 · Updated 2026-02-28 · CVE-2026-25878
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
FroshAdminer versions prior to 2.2.1
Description
The Adminer route ('/admin/adminer') within the FroshAdminer plugin for Shopware Platform was accessible without requiring Shopware admin authentication. The route was configured without authentication and session validation, potentially exposing the Adminer user interface to unauthorized users.
Recommendations
Update FroshAdminer to version 2.2.1 or later.
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Froshadminer
Shopware/Platform