CVE-2023-22730 MEDIUM

CVE-2023-22730: Improper Input Validation of Clearance sale in cart

Vendor Shopware
Product platform
Weakness CWE-20 · Input validation
Published January 17, 2023
Last update March 10, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.

Key dates

02Disclosure timeline

January 17, 2023 CVE published
March 10, 2025 Record updated