Input validation

2023-06-2717:15:00

PRIOn knowledge base

www.prio-n.com

shopware

e-commerce

mail validation

flaw

version 5.7.18

update

vulnerability

0.001 Low

EPSS

Percentile

38.5%

JSON

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

CPENameOperatorVersion
shopwarege5.1.4
shopwarele5.7.17

CPE	Name	Operator	Version
	shopware	ge	5.1.4
	shopware	le	5.7.17

References

docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023

github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5

github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d

www.shopware.com/en/changelog-sw5/

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for PRION:CVE-2023-34099