shopware/platform Security Advisories for 6.5.8.17-dev (3)
-
[MEDIUM] Shopware race condition bypasses voucher restrictions
PKSA-sy2r-ddrd-9s1c CVE-2025-7954 GHSA-27gv-mg7w-mm34
Affected version: <=6.6.10.4
Reported by:
GitHub -
[HIGH] Shopware Vulnerable to Blind SQL-injection in DAL aggregations
PKSA-fkd6-58gd-wqfz CVE-2025-27892 GHSA-8g35-7rmw-7f59
Affected version: <6.5.8.18|>=6.6.0.0,<=6.6.10.2|=6.7.0.0-rc1
Reported by:
GitHub -
[MEDIUM] Shopware 6 allows attackers to check for registered accounts through the store-api
PKSA-4xth-xj4w-m8t1 CVE-2025-30150 GHSA-hh7j-6x3q-f52h
Affected version: <=6.5.8.17|>=6.6.0.0,<=6.6.10.2|=6.7.0.0-rc1
Reported by:
GitHub