N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-88rc-3p98-rgvx

EPSS Score

CWE

CWE-668

Published

4/13/2021

Updated

1/9/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-88rc-3p98-rgvx

GHSA-88rc-3p98-rgvx: After order payment process manipulation in shopware/platform and shopware/core

Impact

After order payment process manipulation

Patches

We recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659

For more information

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2021

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-88rc-3p98-rgvx

EPSS Score

CWE

CWE-668

Published

4/13/2021

Updated

1/9/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
shopware/platform	composer	<= 6.3.5.2	6.3.5.3
shopware/core	composer	<= 6.3.5.2	6.3.5.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information and security advisories do not include concrete code diffs or explicit references to modified functions. While the CWE-668 context suggests potential issues in payment state handling or order processing functions, there is insufficient evidence in the provided materials to identify specific function names, file paths, or patch changes required for runtime detection. Without access to the actual security patches or commit details showing modified code locations, we cannot confidently map the vulnerability to precise function signatures that would appear in a profiler.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t **t*r or**r p*ym*nt pro**ss m*nipul*tion ### P*t***s W* r**omm*n* to up**t* to t** *urr*nt v*rsion *.*.*.*. You **n **t t** up**t* to *.*.*.* r**ul*rly vi* t** *uto-Up**t*r or *ir**tly vi* t** *ownlo** ov*rvi*w. *ttps://www.s*opw*r*.*om

Reasoning

T** provi*** vuln*r**ility in*orm*tion *n* s**urity **visori*s *o not in*lu** *on*r*t* *o** *i**s or *xpli*it r***r*n**s to mo*i*i** *un*tions. W*il* t** *W*-*** *ont*xt su***sts pot*nti*l issu*s in p*ym*nt st*t* **n*lin* or or**r pro**ssin* *un*tion

N/A

Basic Information

Concerned about an active attack path?

GHSA-88rc-3p98-rgvx: After order payment process manipulation in shopware/platform and shopware/core

Impact

Patches

Workarounds

For more information

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI