Shopware

LAB ONLY | AUTHORIZED TARGETS ONLY | 自动生成索引

系统 ID: shopware
分类: ecommerce
覆盖策略: history-full
总案例数: 71
近 30 天新增/更新: 0
重点 Markdown 案例数: 0
已实证(真实版本): 0
已实证(synthetic): 0
阻塞数: 0
待人工/缺浏览器证据: 71
最近渲染时间: 2026-04-01T09:21:04+00:00

目标约束

适用目标类型: lab-local, lab-public, authorized-third-party
是否允许公网验证: yes, but ownership or authorization is required
授权前提: 资产归属可证明，或已取得书面/明确授权。
最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作

来源

official Shopware Security Advisories (mode=core)
official NVD Shopware (keyword=Shopware; mode=core)
ecosystem-authority OSV Shopware (mode=core)

案例列表

标题	严重度	案例状态	实证状态	实证方式	来源置信度	更新时间	案例页
CVE-2023-22730	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T07:45:18.660`	-
CVE-2022-36102	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T07:12:23.590`	-
CVE-2022-36101	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T07:12:23.440`	-
CVE-2022-31148	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T07:03:59.930`	-
CVE-2022-31057	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T07:03:48.270`	-
CVE-2022-24892	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:20.243`	-
CVE-2022-24879	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:18.403`	-
CVE-2022-24873	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:17.737`	-
CVE-2022-24872	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:17.607`	-
CVE-2022-24871	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:17.483`	-
CVE-2022-24956	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:27.467`	-
CVE-2022-24748	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:00.577`	-
CVE-2022-24747	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:00.453`	-
CVE-2022-24746	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:00.337`	-
CVE-2022-24745	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:00.213`	-
CVE-2022-24744	`low`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:51:00.097`	-
CVE-2022-21652	`low`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:45:09.557`	-
CVE-2022-21651	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:45:09.420`	-
CVE-2021-41188	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:25:43.210`	-
CVE-2021-37710	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:15:45.890`	-
CVE-2021-37709	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:15:45.713`	-
CVE-2021-37708	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:15:45.560`	-
CVE-2021-37707	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:15:45.410`	-
CVE-2021-32717	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:35.447`	-
CVE-2021-32716	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:35.340`	-
CVE-2021-32713	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:35.013`	-
CVE-2021-32712	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:34.910`	-
CVE-2021-32711	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:34.803`	-
CVE-2021-32710	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:34.690`	-
CVE-2021-32709	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T06:07:34.577`	-
CVE-2020-28199	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T05:22:27.980`	-
CVE-2020-13997	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T05:02:18.893`	-
CVE-2020-13971	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T05:02:16.100`	-
CVE-2020-13970	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T05:02:15.970`	-
CVE-2019-12935	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:23:51.287`	-
CVE-2019-12799	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:23:36.247`	-
CVE-2018-20713	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:02:00.820`	-
CVE-2017-18357	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:19:55.227`	-
CVE-2017-15374	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-20T01:37:25.860`	-
CVE-2016-3109	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-20T01:37:25.860`	-
Sign up	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Report a vulnerability	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Policy	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Pull requests
186	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Issues
1.3k	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
`/api/_info/config` route exposes information about licenses	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Reflected XSS in Storefront Login Page	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Insights	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
7	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
3	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Skip to content	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Discussions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Actions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
`/api/_info/config` route exposes information about active security fixes	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Star
3.3k	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
shopware	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Improper Control of Generation of Code in Twig rendered views	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
6	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
4	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
User enumeration via distinct error codes on Store API login endpoint	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Unauthenticated data extraction possible through store-api.order endpoint	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Next	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Reflective Cross Site-Scripting (XSS) in CMS components	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
shopware	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Security
68	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Password recovery link does not expire after email change	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Path traversal via Plugin upload	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
5	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Sign in	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Projects	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Potential take over of app credentials	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-

9.2 KiB 原始文件 Blame 文件历史

Shopware

目标约束

来源

案例列表

9.2 KiB

原始文件 Blame 文件历史