Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade shopware/core to version 6.6.10.9, 6.7.4.1 or higher.
shopware/core is the core of the Shopware platform, used by all Shopware ecommerce products.
Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the password reset flow. If a customer changes their email address after requesting a reset, the link associated with the previous email address remains valid. An attacker can gain unauthorized access to a user's account by using a previously issued password reset link after the user has changed their email address.
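A minimal model of the flaw and one way to close it, added here as an illustration and not taken from Shopware's code; the `ResetStore` class, its methods and the one-hour lifetime are assumptions. With `bind_to_email=False` a token issued before an email change still redeems; with `True` the change revokes outstanding tokens and redemption rechecks the address.

```python
import hashlib
import secrets
import time

RESET_TTL = 3600  # assumed token lifetime in seconds


def _digest(token):
    # Store only a hash so a leaked table does not expose usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """Hypothetical in-memory model of customers and reset tokens."""

    def __init__(self, bind_to_email):
        self.bind_to_email = bind_to_email  # False models the affected behaviour
        self.email = {}   # customer id -> current email address
        self.resets = {}  # token digest -> (customer id, email at issue, expiry)

    def request_reset(self, cid, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[_digest(token)] = (cid, self.email[cid], now + RESET_TTL)
        return token  # would be mailed to the address on file at this moment

    def change_email(self, cid, new_email):
        self.email[cid] = new_email
        if self.bind_to_email:
            # Revoke every outstanding reset token for this customer.
            self.resets = {d: r for d, r in self.resets.items() if r[0] != cid}

    def redeem(self, token, now=None):
        """Return the customer id allowed to set a new password, else None."""
        now = time.time() if now is None else now
        record = self.resets.pop(_digest(token), None)  # single use
        if record is None:
            return None
        cid, issued_email, expires = record
        if now > expires:
            return None
        # Second check: the token is only good for the address it was sent to.
        if self.bind_to_email and issued_email != self.email.get(cid):
            return None
        return cid
```

Revoking on change and rechecking at redemption overlap on purpose, so a code path that updates the address without calling the revocation step still fails closed.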