
shopware — Vulnerabilities & Security Advisories (56)

Browse all 56 CVE security advisories affecting shopware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Shopware is an open-source e-commerce platform primarily utilized by mid-sized enterprises to manage online storefronts and complex product catalogs. Its architecture, built on PHP and Symfony components, has historically exposed it to a range of web application vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. Recent records indicate approximately 56 Common Vulnerabilities and Exposures (CVEs), reflecting ongoing challenges with input validation and access control mechanisms. Notable incidents often stem from insecure default configurations or delayed patching of critical plugins, allowing attackers to escalate privileges or execute arbitrary code. The platform’s modular extension system further complicates security hygiene, as third-party modules may introduce unvetted code paths. Consequently, administrators must rigorously audit dependencies and apply updates promptly to mitigate risks associated with its extensive feature set and frequent codebase modifications.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration | shopware | CWE-79 | 6.5 | Medium | 2022-06-27 |
| CVE-2022-24892 | Multiple valid tokens for password reset in Shopware | shopware | CWE-640 | 6.4 | Medium | 2022-04-28 |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation | shopware | CWE-352 | 7.5 | High | 2022-04-28 |
| CVE-2022-24873 | Non-Stored Cross-site Scripting in Shopware storefront | shopware | CWE-79 | 5.4 | Medium | 2022-04-28 |
| CVE-2022-24872 | Improper Access Control in shopware | platform | CWE-732 | 8.1 | High | 2022-04-20 |
| CVE-2022-24871 | Server-Side Request Forgery (SSRF) in Shopware | platform | CWE-918 | 7.2 | High | 2022-04-20 |
| CVE-2022-24744 | Insufficient Session Expiration in shopware | platform | CWE-613 | 2.6 | Low | 2022-03-09 |
| CVE-2022-24745 | Guest session is shared between customers in shopware | platform | CWE-384 | 4.8 | Medium | 2022-03-09 |
| CVE-2022-24746 | HTML injection possibility in voucher code form | platform | CWE-79 | 6.1 | Medium | 2022-03-09 |
| CVE-2022-24747 | HTTP caching is marking private HTTP headers as public | platform | CWE-200 | 6.3 | Medium | 2022-03-09 |
| CVE-2022-24748 | Incorrect Authentication in shopware | platform | CWE-287 | 6.8 | Medium | 2022-03-09 |
| CVE-2022-21652 | Insufficient Session Expiration in shopware | shopware | CWE-613 | 3.5 | Low | 2022-01-05 |
| CVE-2022-21651 | Open redirect in shopware | shopware | CWE-601 | 6.8 | Medium | 2022-01-05 |
| CVE-2021-41188 | Authenticated Stored XSS in Administration | shopware | CWE-79 | 5.7 | Medium | 2021-10-26 |
| CVE-2021-37711 | Authenticated server-side request forgery in file upload via URL | platform | CWE-918 | 8.8 | High | 2021-08-16 |
| CVE-2021-37710 | Cross-Site Scripting via SVG media files | platform | CWE-79 | 8.0 | High | 2021-08-16 |
| CVE-2021-37709 | Insecure direct object reference of log files of the Import/Export feature | platform | CWE-532 | 6.5 | Medium | 2021-08-16 |
| CVE-2021-37708 | Command injection in mail agent settings | platform | CWE-77 | 8.8 | High | 2021-08-16 |
| CVE-2021-37707 | Manipulation of product reviews via API | platform | CWE-20 | 6.5 | Medium | 2021-08-16 |
| CVE-2021-32717 | Private files publicly accessible with Cloud Storage providers | platform | CWE-200 | 7.5 | High | 2021-06-24 |
| CVE-2021-32716 | Internal hidden fields are visible on to many associations in admin api | platform | CWE-200 | 4.4 | Medium | 2021-06-24 |
| CVE-2021-32712 | Information leakage in Error Handler | shopware | CWE-200 | 5.3 | Medium | 2021-06-24 |
| CVE-2021-32713 | Authenticated Stored XSS | shopware | CWE-79 | 4.8 | Medium | 2021-06-24 |
| CVE-2021-32711 | Leak of information via Store-API | platform | CWE-200 | 9.1 | Critical | 2021-06-24 |
| CVE-2021-32710 | Potential Session Hijacking in Shopware | platform | CWE-384 | 5.9 | Medium | 2021-06-24 |
| CVE-2021-32709 | Creation of order credits was not validated by acl in admin orders | platform | CWE-306 | 4.9 | Medium | 2021-06-24 |

This page lists every published CVE security advisory associated with shopware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.