CVE-2023-34099 MEDIUM

CVE-2023-34099: Improper mail validation in Shopware

Vendor Shopware
Product shopware
Weakness CWE-754
Published June 27, 2023
Last update November 7, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

June 27, 2023 CVE published
November 7, 2024 Record updated