FroshAdminer Unauthenticated Access Vulnerability in Shopware Platform
Vulnerability
A vulnerability in the FroshAdminer plugin for Shopware Platform allows unauthenticated access to the Adminer user interface. This issue affects versions prior to 2.2.1. The vulnerability arises because the Adminer route was configured to bypass authentication and lacked session validation, leaving the Adminer UI open to anyone who knew the URL. Although direct database access without admin login is not possible through this vulnerability alone, an unauthenticated user could access the Adminer interface, potentially disclosing version information or exploiting Adminer-specific vulnerabilities.
Impact
Exploitation of this vulnerability allows unauthenticated users to access the Adminer interface, which could lead to unauthorized database management actions, depending on the database credentials and permissions.
Remediation
Users can update to FroshAdminer version 2.2.1, which adds session validation so that an authenticated admin session is required before the Adminer UI is served. Alternatively, the plugin can be deactivated or uninstalled.
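The weak route configuration described in the Vulnerability section beside the hardened form described in the Remediation section, as an added illustration that is not the FroshAdminer plugin's own code. The route path, route names and the session key 'admin_user_id' are assumptions; 'auth_required' is Shopware's route default for skipping the API bearer-token check.

```php
<?php
declare(strict_types=1);

// Added illustration, not the FroshAdminer plugin's own code. The route path, route
// names and the session key 'admin_user_id' are hypothetical; 'auth_required' => false
// is the Shopware route default that makes the API authentication listener skip the
// bearer-token check, which is what lets a browser navigation reach the page at all.
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

const ADMINER_HTML = '<!doctype html><title>Adminer</title>'; // stand-in for the real UI

/** Weak form: the route opts out of API authentication and checks nothing itself. */
final class WeakAdminerController
{
    #[Route(path: '/api/_action/adminer', name: 'example.adminer.weak',
            defaults: ['auth_required' => false], methods: ['GET'])]
    public function serve(Request $request): Response
    {
        // Anyone who knows the URL receives the Adminer UI.
        return new Response(ADMINER_HTML);
    }
}

/** Hardened form: the bearer-token check is still skipped, so the controller must
 *  prove an authenticated admin session exists before rendering anything. */
final class HardenedAdminerController
{
    #[Route(path: '/api/_action/adminer', name: 'example.adminer.hardened',
            defaults: ['auth_required' => false], methods: ['GET'])]
    public function serve(Request $request): Response
    {
        if (!self::hasAdminSession($request)) {
            // Fail closed before any Adminer code runs or a version string is emitted.
            return new Response('Authentication required', Response::HTTP_UNAUTHORIZED);
        }
        return new Response(ADMINER_HTML);
    }

    private static function hasAdminSession(Request $request): bool
    {
        if (!$request->hasSession()) {
            return false; // no session at all: never trust the request
        }
        $id = $request->getSession()->get('admin_user_id'); // hypothetical marker set at admin login
        return is_string($id) && $id !== '';
    }
}
```

Both controllers are shown on the same path only for comparison; a real deployment keeps one route, and the check belongs on that route because the session is the only proof of identity a browser request carries here.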