Authenticated server-side request forgery in file upload via URL.

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

服务端请求伪造(SSRF)

Shopware 代码问题漏洞

Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 6.4.3.1 之前的版本存在代码问题漏洞，该漏洞允许经过身份验证的攻击者通过 URL 上传文件触发服务器端请求伪造。

N/A

N/A