Shopware: >> Shopware >> 5.1.4 Security Vulnerabilities
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
CVSS Score
6.5
EPSS Score
0.584
Published
2019-01-15
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-01-15
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.346
Published
2017-04-21
Page 5