CVE-2025-27892

MEDIUM Year: 2025
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.

Related Vulnerabilities

CVE-2018-6230

MEDIUM
CVSS:6.8(Medium)

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may h...

CWE-892018

CVE-2020-14069

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php...

CWE-892020

CVE-2021-1222

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Th...

CWE-892021

CVE-2023-44090

MEDIUM
CVSS:6.8(Medium)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to seve...

CWE-892023

CVE-2024-33272

MEDIUM
CVSS:6.8(Medium)

SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and Auto...

CWE-892024

CVE-2024-49588

MEDIUM
CVSS:6.8(Medium)

Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.

CWE-892024