Insufficient Session Expiration in Shopware - CVE-2023-22732
Published: January 17, 2023 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote attacker to reuse a stolen session cookie for authorization.
The vulnerability exists due to insufficient session expiration in the administration session handling when processing inactive administration sessions. A remote attacker can use a stolen session cookie to reuse old session credentials for authorization.