Home > Vulnerability Database > CVE-2023-34099

Mend.io Vulnerability Database

CVE-2023-34099

Good to know:

Date: June 27, 2023

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

5.3

Related Resources (8)

Url: https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023

Url: https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5

Url: https://github.com/shopware5/shopware

Url: https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d

Url: https://github.com/shopware5/shopware/security/advisories/GHSA-gh66-fp7j-98v5

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34099

Url: https://www.shopware.com/en/changelog-sw5/#5-7-18

Url: https://www.mend.io/vulnerability-database/CVE-2023-34099

Severity Score

5.3

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Top Fix

Upgrade Version

Upgrade to version v5.7.18

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34099

Good to know:

Date: June 27, 2023

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?