Shopware SQL Injection Vulnerability


Shopware is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data submitted to the appended URL.


The original article can be found at: 54473
The information has been provided by Kataklysmos.


Vulnerable Systems:
 * Shopware SQL Injection Vulnerability

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Shopware 3.5 is vulnerable; other versions may also be affected.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release:Jul 14 2012

Categories: News