Improper access control in Shopware - CVE-2022-24748
Published: March 9, 2022 / Updated: May 20, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to modify customers and create orders without app permission.
The vulnerability exists due to improper access control in app permission enforcement when handling customer modification and order creation operations. A remote user can invoke these operations without the required app permission to modify customers and create orders without app permission.