Input validation error in Shopware - CVE-2023-22730

 

Input validation error in Shopware - CVE-2023-22730

Published: January 17, 2023 / Updated: May 19, 2026


Vulnerability identifier: #VU131884
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-22730
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Shopware
Affected software:
Shopware

Detailed vulnerability description

The vulnerability allows a remote user to bypass clearance sale restrictions in the cart.

The vulnerability exists due to improper input validation in cart line item validation when handling API requests that add line items to the cart. A remote user can submit the same line item multiple times to bypass clearance sale restrictions in the cart.


How to mitigate CVE-2023-22730

Install security update from vendor's website.

Sources