Lucene search
Veracode Vulnerability DatabaseVERACODE:37008HistorySep 13, 2022 - 3:56 a.m.
Authorization Bypass
2022-09-1303:56:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
shopware
authorization bypass
vulnerability
access control
remote attack
backend admin
0.004 Low
EPSS
Percentile
72.5%
shopware/shopware is vulnerable to authorization bypass. A remote authenticated attacker is able to bypass access control lists and perform unintended acts in the system, when the backend admin controllers are called with a certain insecure notation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | v5.7.14 | |
| shopware/shopware | le | v5.7.14 |
Related
cvelist
cvelist
CVE-2022-36102 Acess control list bypassed via crafted specific URLs
2022-09-12 20:00:24
osv
osv
Shopware access control list bypassed via crafted specific URLs
2022-09-16 21:01:29
github
github
Shopware access control list bypassed via crafted specific URLs
2022-09-16 21:01:29
cve
cve
CVE-2022-36102
2022-09-12 20:15:12
nvd
nvd
CVE-2022-36102
2022-09-12 20:15:12
prion
prion
Design/Logic Flaw
2022-09-12 20:15:00