3 matches found
CVE-2016-3109
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code...
CVE-2016-3109
Affected software: Shopware before 5.1.5. Vulnerability: The backend/Login/load/ script allows remote attackers to execute arbitrary code. Root cause/impact: Remote code execution due to insecure handling in the load script; successful exploitation would grant arbitrary code execution on the serv...
Shopware getTemplateName Local File Inclusion (CVE-2016-3109)
A local file inclusion vulnerability has been reported in Shopware. This vulnerability is due to insufficient input validation in the getTemplateName method. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitati...