SQL Injection Threat

Pedro_Del_Favero · April 23, 2025, 7:24pm

Does anybody has a Cibersecurity Scan that found that account/login URL has SQL Injection Vulnerabilities? How can I prove is a false positive threat, isn’t it?

DavidT · April 24, 2025, 2:39am

Automated scanners aren’t reliable. You can try it, but Shopify has a bug bounty program so if this is a real issue someone would have found it.

KyleG-Shopify · April 24, 2025, 6:44pm

Hey @Pedro_Del_Favero , to add on to what David mentioned, we have guidance here on reporting any security concerns: https://www.shopify.com/ca/security-response

Topic		Replies	Views
Malware codes in my theme code Online Store and Theme Development theme-troubleshootin	4	56	February 10, 2025
"Something went wrong" error upon login Partner Discussions dev-stores	3	14	May 8, 2025
Details on Application Security controls and the scope of the Penetration testing Partner Discussions app-store , dev-stores	0	35	November 20, 2024
Can't deploy my app with `read_online_store` access scope Shopify CLI and Libraries app-commands	6	69	January 16, 2025
Unauthorized Message and Suspicious Activity: Need Clarification Partner Discussions billing-api , app-store , partner-dash , dev-stores	4	34	December 23, 2024

SQL Injection Threat

Related topics