RSS   Vulnerabilities for 'B2b suite'   RSS

2022-03-29
 
CVE-2022-24956

CWE-89
 

 
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database.

 

 >>> Vendor: Shopware 2 Products
Shopware
B2b suite


Copyright 2024, cxsecurity.com

 

Back to Top