CVE-2025-27892
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-27892
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27892.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-27892
- Aliases
- Published
- 2025-04-15T22:15:25Z
- Modified
- 2025-07-29T11:21:49.810865Z
- Summary
- [none]
- Details
-
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.
- References
Affected packages
Git / github.com/shopware/platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/shopware/platform
- Events
- Type
- GIT
- Repo
- https://github.com/shopware/shopware
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
6.*
6.5.3.1
v6.*
v6.0.0+dp1
v6.0.0+ea1
v6.0.0+ea1.1
v6.0.0+ea2
v6.1.0
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.2.0
v6.2.0-RC1
v6.2.1
v6.2.2
v6.2.3
v6.3.0.0
v6.3.0.1
v6.3.0.2
v6.3.3.0
v6.3.3.1
v6.3.4.1
v6.3.5.0
v6.4.1.0
v6.4.1.1
v6.4.1.2
v6.4.10.0
v6.4.10.1
v6.4.11.0
v6.4.11.1
v6.4.13.0
v6.4.14.0
v6.4.15.0
v6.4.15.1
v6.4.15.2
v6.4.16.0
v6.4.16.1
v6.4.17.0
v6.4.17.1
v6.4.17.2
v6.4.3.0
v6.4.3.1
v6.4.4.0
v6.4.4.1
v6.4.5.0
v6.4.5.1
v6.4.6.0
v6.4.6.1
v6.4.8.0
v6.4.8.1
v6.4.8.2
v6.4.9.0
v6.5.0.0
v6.5.0.0-rc1
v6.5.0.0-rc2
v6.5.0.0-rc3
v6.5.0.0-rc4
v6.5.1.0
v6.5.1.1
v6.5.2.0
v6.5.3.0
v6.5.3.1
v6.5.3.2
v6.5.3.3
v6.5.4.0
v6.5.5.0
v6.5.5.1
v6.5.5.2
v6.5.7.0
v6.5.7.1
v6.5.7.2
v6.5.7.3
v6.5.7.4
v6.5.8.10
v6.5.8.11
v6.5.8.12
v6.5.8.15
v6.5.8.16
v6.5.8.3
v6.5.8.5
v6.5.8.8
v6.5.8.9