漏洞标题
Shopware中的潜在会话劫持
漏洞描述信息
Shopware中存在潜在的会话劫持漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
漏洞类别
N/A
漏洞标题
Potential Session Hijacking in Shopware
漏洞描述信息
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
会话固定
漏洞标题
Shopware 授权问题漏洞
漏洞描述信息
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 中存在授权问题漏洞,该漏洞源于系统中对会话缺少正确的加密,导致攻击者可以劫持客户的会话。以下产品及版本会受到影响: 6.3.5.2 以下版本。
CVSS信息
N/A
漏洞类别
授权问题