CVE-2024-42357 | Shopware up to 6.5.8.12/6.6.5.0 API sql injection (GHSA-p6w9-r443-r752)

Posted by Angelo Barbosa | Aug 8, 2024 | CVE

A vulnerability, which was classified as critical, was found in Shopware up to 6.5.8.12/6.6.5.0. Affected is an unknown function of the component API. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2024-42357. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-42357 | Shopware up to 6.5.8.12/6.6.5.0 API sql injection (GHSA-p6w9-r443-r752)

Related Posts

CVE-2024-21782 | F5 BIG-IP/BIG-IQ up to 15.1.8/16.1.3/17.1.0 scp os command injection (K98606833)

CVE-2023-7173 | PHPGurukul Hospital Management System 1.0 registration.php First Name cross site scripting

CVE-2023-52105 | Huawei HarmonyOS 4.0.0 Nearby Module access control

CVE-2024-5374 | Kashipara College Management System 1.0 submit_new_faculty.php address cross site scripting