CVE-2025-27892
Published
CVSS v3
6.8
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.
Shopware 6 is an open commerce platform based on Symfony Framework and Vue and supported by a worldwide community and more than 3.100 community extensions
GitHub