Information disclosure in Shopware - CVE-2022-36101
Published: September 12, 2022 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper exposure of sensitive information in the customer detail view in the backend administration when handling requests for customer details. A remote user can request the customer detail view to disclose sensitive information.
The exposed data includes hashed passwords and session IDs.