Shopware SQL Injection Vulnerability

Summary

Shopware is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data submitted to the appended URL.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/ 54473
The information has been provided by Kataklysmos.


Details

Vulnerable Systems:
 * Shopware SQL Injection Vulnerability

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Shopware 3.5 is vulnerable; other versions may also be affected.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release:Jul 14 2012

Categories: News