platform — Vulnerabilities & Security Advisories (59)

All 59 CVE vulnerabilities found in platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: orchidsoftware

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-5964 | 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution | CWE-20 | 9.9 | Critical | 2023-11-06 |
| CVE-2023-45163 | 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution | CWE-20 | 9.9 | Critical | 2023-11-06 |
| CVE-2023-45161 | 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution | CWE-20 | 9.9 | Critical | 2023-11-06 |
| CVE-2023-36825 | Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution | CWE-502 | 9.7 | Critical | 2023-07-11 |
| CVE-2023-22733 | Improper Output Neutralization in Log Module in shopware | CWE-532 | 2.7 | Low | 2023-01-17 |
| CVE-2023-22732 | Insufficient Session Expiration in Administration in shopware | CWE-613 | 3.7 | Low | 2023-01-17 |
| CVE-2023-22731 | Improper Control of Generation of Code in Twig rendered views in shopware | CWE-94 | 10.0 | Critical | 2023-01-17 |
| CVE-2023-22730 | Improper Input Validation of Clearance sale in cart | CWE-20 | 5.3 | Medium | 2023-01-17 |
| CVE-2023-22734 | Improper Input Newsletter subscription option validation in shopware | CWE-20 | 4.3 | Medium | 2023-01-17 |
| CVE-2022-24872 | Improper Access Control in shopware | CWE-732 | 8.1 | High | 2022-04-20 |
| CVE-2022-24871 | Server-Side Request Forgery (SSRF) in Shopware | CWE-918 | 7.2 | High | 2022-04-20 |
| CVE-2022-24744 | Insufficient Session Expiration in shopware | CWE-613 | 2.6 | Low | 2022-03-09 |
| CVE-2022-24745 | Guest session is shared between customers in shopware | CWE-384 | 4.8 | Medium | 2022-03-09 |
| CVE-2022-24746 | HTML injection possibility in voucher code form | CWE-79 | 6.1 | Medium | 2022-03-09 |
| CVE-2022-24747 | HTTP caching is marking private HTTP headers as public | CWE-200 | 6.3 | Medium | 2022-03-09 |
| CVE-2022-24748 | Incorrect Authentication in shopware | CWE-287 | 6.8 | Medium | 2022-03-09 |
| CVE-2021-43852 | JavaScript Prototype Pollution in oro/platform | CWE-74 | 8.8 | High | 2022-01-04 |
| CVE-2021-41236 | XSS vulnerability in oro/platform | CWE-79 | 6.9 | Medium | 2022-01-04 |
| CVE-2021-37711 | Authenticated server-side request forgery in file upload via URL. | CWE-918 | 8.8 | High | 2021-08-16 |
| CVE-2021-37710 | Cross-Site Scripting via SVG media files | CWE-79 | 8.0 | High | 2021-08-16 |
| CVE-2021-37709 | Insecure direct object reference of log files of the Import/Export feature | CWE-532 | 6.5 | Medium | 2021-08-16 |
| CVE-2021-37708 | Command injection in mail agent settings | CWE-77 | 8.8 | High | 2021-08-16 |
| CVE-2021-37707 | Manipulation of product reviews via API | CWE-20 | 6.5 | Medium | 2021-08-16 |
| CVE-2021-32717 | Private files publicly accessible with Cloud Storage providers | CWE-200 | 7.5 | High | 2021-06-24 |
| CVE-2021-32716 | Internal hidden fields are visible on to many associations in admin api | CWE-200 | 4.4 | Medium | 2021-06-24 |
| CVE-2021-32711 | Leak of information via Store-API | CWE-200 | 9.1 | Critical | 2021-06-24 |
| CVE-2021-32710 | Potential Session Hijacking in Shopware | CWE-384 | 5.9 | Medium | 2021-06-24 |
| CVE-2021-32709 | Creation of order credits was not validated by acl in admin orders | CWE-306 | 4.9 | Medium | 2021-06-24 |
| CVE-2020-15263 | XSS in platform | CWE-79 | 8.0 | High | 2020-10-19 |
