Lucene search
GitHub Advisory DatabaseGHSA-Q3G4-2VW9-XV27HistoryMay 21, 2024 - 6:50 p.m.
Shopware Remote Code Execution Vulnerability
2024-05-2118:50:07
CWE-74
GitHub Advisory Database
github.com
3
shopware
remote code execution
critical vulnerability
7.5 High
AI Score
Confidence
Low
Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware. This is a critical security vulnerability that could affect the entire system. All Shopware versions including Shopware 5.2.14 are affected.
Affected configurations
Node
shopwareshopwareRange<1.0.8
ORshopwareshopwareRange4.0.0≥
ORshopwareshopwareRange<5.2.15
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | lt | 1.0.8 | |
| shopware/shopware | ge | 4.0.0 | |
| shopware/shopware | lt | 5.2.15 |
References
community.shopware.com/_detail_1989.html
docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates
github.com/advisories/GHSA-q3g4-2vw9-xv27
github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml
github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec
7.5 High
AI Score
Confidence
Low