Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites
Mar 13 2018 12:07PM
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Shopware Cart Accessible by Third-Party Websites
RedTeam Pentesting discovered that the shopping cart implemented by Shopware
offers an insecure API. Malicious, third-party websites may abuse this API to
list, add or remove products from a user's cart.
[ more ]
Copyright 2010, SecurityFocus