Home > Vulnerability Database > CVE-2022-36102

Mend.io Vulnerability Database

CVE-2022-36102

Date: September 12, 2022

Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.

Language: PHP

Severity Score

6.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36102

Url: https://github.com/shopware/shopware/commit/de92d3a78279119a5bbe203054f8fa1d25126af6

Url: https://packagist.org/packages/shopware/shopware

Url: https://github.com/shopware/shopware

Url: https://github.com/shopware/shopware/security/advisories/GHSA-qc43-pgwq-3q2q

Url: https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022

Url: https://www.mend.io/vulnerability-database/CVE-2022-36102

Severity Score

6.3

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36102

Date: September 12, 2022

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?