An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-29T01:08:12
Updated: 2024-08-03T04:29:01.513Z
Reserved: 2022-02-11T00:00:00
Link: CVE-2022-24956
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-29T02:15:07.413
Modified: 2022-04-05T20:03:10.080
Link: CVE-2022-24956
Redhat
No data.