Security Vulnerability in Shopware API Could Lead to SQL-Injection
CVE-2024-42357
What is CVE-2024-42357?
The Shopware open commerce platform features an application API that includes a search functionality, which allows users to search through data stored in their Shopware instance. A security vulnerability exists in the API's search functionality where the name field in the aggregations object is susceptible to SQL injection attacks. This can allow attackers to manipulate SQL queries through crafted inputs, potentially leading to unauthorized data access or integrity issues. To mitigate this vulnerability, users should update to Shopware versions 6.6.5.1 or 6.5.8.13. For older versions, corresponding security measures can be implemented via a plugin.
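For instances that cannot be updated right away, search request bodies can be screened before they reach the API. The following is an added example, not Shopware's code or its official fix: it assumes the body is a JSON object with an `aggregations` list whose entries carry `name` and may nest a further `aggregation`, and it assumes legitimate names fit a conservative identifier pattern. The function names and sample bodies are constructed for illustration.

```python
import json
import re

# Assumption: legitimate aggregation names are short, simple identifiers.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def iter_aggregations(node):
    """Yield every aggregation object, descending into nested ones."""
    if isinstance(node, list):
        for item in node:
            yield from iter_aggregations(item)
    elif isinstance(node, dict):
        yield node
        # Assumption: a nested aggregation sits under the "aggregation" key.
        if "aggregation" in node:
            yield from iter_aggregations(node["aggregation"])


def unsafe_aggregation_names(body):
    """Return the aggregation names in a search body that fail the allowlist.

    A body that is not valid JSON raises ValueError so the caller can
    reject the request instead of letting it through unchecked.
    """
    criteria = json.loads(body)
    if not isinstance(criteria, dict):
        return []
    rejected = []
    for agg in iter_aggregations(criteria.get("aggregations", [])):
        name = agg.get("name")
        if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
            rejected.append(name)
    return rejected


# Constructed sample bodies (not taken from any real request).
CLEAN_BODY = json.dumps({
    "limit": 10,
    "aggregations": [{"name": "avg-price", "type": "avg", "field": "price"}],
})
SUSPECT_BODY = json.dumps({
    "aggregations": [{
        "name": "by_maker", "type": "terms", "field": "manufacturerId",
        "aggregation": {"name": "x' OR 1=1 --", "type": "avg", "field": "price"},
    }],
})

if __name__ == "__main__":
    for label, body in (("clean", CLEAN_BODY), ("suspect", SUSPECT_BODY)):
        print(label, unsafe_aggregation_names(body))
```

A non-empty result is a reason to reject and log the request; updating to a fixed version remains the actual remediation.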

