Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure direct object reference of log files of the Import/Export feature
Vulnerability Description
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Shopware 日志信息泄露漏洞
Vulnerability Description
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 6.4.3.1 之前的版本存在安全漏洞,该漏洞源于导入/导出功能的日志文件的不安全对象直接引用。
CVSS Information
N/A
Vulnerability Type
N/A