Spryker Commerce OS 1.0 SQL Injection - KizzMyAnthia.com

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Title=====SCHUTZWERK-SA-2023-001: SQL Injection in Spryker Commerce OSStatus======PUBLISHEDVersion=======1.0CVE reference=============CVE-2023-27568Link====https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-001/Text-only version:https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-001.txtAffected products/vendor========================Spryker Commerce OS by Spryker Systems GmbH, with spryker/sales: 11.16.0-11.36.1or spryker-feature/order-management: 202009.0-202212.0Summary=======An SQL injection vulnerability affecting Spryker-based webshops was discoveredin the order history search form. It can be exploited by authenticatedattackers in order to retrieve informationen from the database (e.g. customerand administrator

Related Keywords

Germany ,Jakob Pietzka ,Rztvsbpsp Oengpesgvaokyjctjzu ,Amtsgericht Ulm ,David Brown , ,Spryker Commerce ,Spryker Systems Gmbh ,General Data Protection Regulation ,Query Language ,Prevention Cheat Sheet ,Managing Directors ,Michael Sch ,Data Protection ,