Описание
Shopware vulnerable to SSRF
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
Пакеты
Наименование
shopware/platform
composer
Затронутые версииВерсия исправления
< 6.2.3
6.2.3
Связанные уязвимости
CVSS3: 8.8
nvd
больше 5 лет назад
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.