Main Vulnerability Database Vulnerabilities #VU77753

Improper Check for Unusual or Exceptional Conditions in Shopware - CVE-2023-34099

Published: June 28, 2023

Vulnerability identifier: #VU77753

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-34099

CWE-ID: CWE-754

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Shopware

Software vendor:
Shopware

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper mail validation in the registration process. A remote attacker can construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts.

Remediation

Install updates from vendor's website.

External links

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d
https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5
https://www.shopware.com/en/changelog-sw5/#5-7-18

Improper Check for Unusual or Exceptional Conditions in Shopware - CVE-2023-34099

Description

Remediation

External links

Please verify you're human