Input validation error in Shopware - CVE-2023-22734
Published: January 17, 2023 / Updated: May 19, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass newsletter double opt-in validation.
The vulnerability exists due to improper input validation in the newsletter subscription option validation when processing newsletter subscription requests. A remote attacker can submit a specially crafted subscription request to bypass newsletter double opt-in validation.