Server-Side Request Forgery (SSRF) in Shopware - #VU131942
Published: December 15, 2020 / Updated: May 20, 2026
Shopware
Detailed vulnerability description
The vulnerability allows a remote user to perform server-side request forgery.
The vulnerability exists due to improper control of outbound requests in the server-side request functionality when handling authenticated user-supplied requests. A remote user can send a specially crafted request to perform server-side request forgery.