SQL Injection Vulnerability in Spryker Commerce OS 0.9: Unauthorized Access to Sensitive Data via Customer/Order Search

SQL Injection Vulnerability in Spryker Commerce OS 0.9: Unauthorized Access to Sensitive Data via Customer/Order Search

CVE-2023-27568 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=

Learn more about our Web Application Penetration Testing UK.