SQL Injection Threat

Pedro_Del_Favero · April 23, 2025, 7:24pm

Does anybody has a Cibersecurity Scan that found that account/login URL has SQL Injection Vulnerabilities? How can I prove is a false positive threat, isn’t it?

DavidT · April 24, 2025, 2:39am

Automated scanners aren’t reliable. You can try it, but Shopify has a bug bounty program so if this is a real issue someone would have found it.

KyleG-Shopify · April 24, 2025, 6:44pm

Hey @Pedro_Del_Favero , to add on to what David mentioned, we have guidance here on reporting any security concerns: https://www.shopify.com/ca/security-response

Topic		Replies	Views
Malware codes in my theme code Online Store and Theme Development theme-troubleshootin	4	58	February 10, 2025
Does Shopify send regular mandatory webhooks requests? Webhooks and Events troubleshooting	3	21	May 13, 2025
"Something went wrong" error upon login Partner Discussions dev-stores	6	25	May 15, 2025
Details on Application Security controls and the scope of the Penetration testing Partner Discussions app-store , dev-stores	0	36	November 20, 2024
Can't deploy my app with `read_online_store` access scope Shopify CLI and Libraries app-commands	6	69	January 16, 2025

SQL Injection Threat

Related topics