Lucene search
Veracode Vulnerability DatabaseVERACODE:35328HistoryApr 29, 2022 - 7:14 a.m.
Cross Site Request Forgery (CSRF)
2022-04-2907:14:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
26.1%
shopware/shopware is vulnerable to cross-site request forgery. The vulnerability exists in CSRFTokenValidator.php due to the lack of validation in csrf token which allows an attacker to make changes to the system as a legitimate user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | v5.7.8 | |
| shopware/shopware | le | v5.7.8 |
References
docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
github.com/shopware/shopware/commit/e27d5c5f6d5a87e0b71f5474f2d058226e10704a
github.com/shopware/shopware/releases/tag/v5.7.9
github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h
www.shopware.com/en/changelog-sw5/#5-7-9
Related
prion
prion
Cross site request forgery (csrf)
2022-04-28 15:15:00
github
github
Malfunction of CSRF token validation in Shopware
2022-04-28 21:01:53
nvd
nvd
CVE-2022-24879
2022-04-28 15:15:09
cve
cve
CVE-2022-24879
2022-04-28 15:15:09
cvelist
cvelist
CVE-2022-24879 Malfunction of Cross-Site Request Forgery token validation
2022-04-28 14:15:14
osv
osv
Malfunction of CSRF token validation in Shopware
2022-04-28 21:01:53
cnvd
cnvd
Shopware Cross-Site Request Forgery Vulnerability
2022-05-05 00:00:00