Improper mail validation in Shopware
CVE-2023-34099

5.3MEDIUM

Key Information:

Vendor

Shopware

Status
Shopware
Vendor
CVE Published:
27 June 2023

What is CVE-2023-34099?

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

Affected Version(s)

shopware < 5.7.18

References

https://github.com/shopware/shopware/security/advisories/...
x_refsource_CONFIRM
https://github.com/shopware5/shopware/commit/39cc714d9a0b...
x_refsource_MISC
https://docs.shopware.com/en/shopware-5-en/security-updat...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.