shopware/platform and shopware/core are vulnerable to privilege escalation. Lack of secure handling allows the permissions set by admin-api for sales channel context to be able use within normal user sessions.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/platform | le | 6.4.10.0 | |
shopware/core | le | 6.4.10.0 | |
shopware/platform | le | 6.4.10.0 | |
shopware/core | le | 6.4.10.0 |