CVE-2021-37707— Manipulation of product reviews via API

CVSS 6.5 · Medium EPSS 0.21% · P44 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-37707

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Manipulation of product reviews via API

Source: NVD (National Vulnerability Database)

Vulnerability Description

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Shopware 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 存在输入验证错误漏洞，建议更新到当前版本6.4.3.1。目前尚无该漏洞的更多信息，请随时关注CNNVD或厂商公告。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
shopware	platform	<= 6.4.3.0	-

II. Public POCs for CVE-2021-37707

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-37707

请登录查看更多情报信息。

https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmfx_refsource_CONFIRM
https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838bex_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-37707

Same Patch Batch · shopware · 2021-08-16 · 5 CVEs total

CVE-2021-37708	8.8 HIGH	Command injection in mail agent settings
CVE-2021-37711	8.8 HIGH	Authenticated server-side request forgery in file upload via URL.
CVE-2021-37710	8.0 HIGH	Cross-Site Scripting via SVG media files
CVE-2021-37709	6.5 MEDIUM	Insecure direct object reference of log files of the Import/Export feature

IV. Related Vulnerabilities

Same product: platform

Same vendor: shopware

Same weakness: CWE-20

V. Comments for CVE-2021-37707

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-37707— Manipulation of product reviews via API

I. Basic Information for CVE-2021-37707

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-37707

III. Intelligence Information for CVE-2021-37707

Same Patch Batch · shopware · 2021-08-16 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-37707

Leave a comment