Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Session Expiration in shopware
Vulnerability Description
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Shopware 代码问题漏洞
Vulnerability Description
Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 5.7.7之前版本存在安全漏洞,该漏洞源于shopware不会在密码更改时使用户会话无效。
CVSS Information
N/A
Vulnerability Type
N/A