Input validation error in Shopware - CVE-2023-22730
Published: January 17, 2023 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to bypass clearance sale restrictions in the cart.
The vulnerability exists due to improper input validation in cart line item validation when handling API requests that add line items to the cart. A remote user can submit the same line item multiple times to bypass clearance sale restrictions in the cart.