Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware. This is a critical security vulnerability that could affect the entire system. All Shopware versions including Shopware 5.2.14 are affected.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/shopware | lt | 1.0.8 | |
shopware/shopware | ge | 4.0.0 | |
shopware/shopware | lt | 5.2.15 |
community.shopware.com/_detail_1989.html
docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates
github.com/advisories/GHSA-q3g4-2vw9-xv27
github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml
github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec