shopware/platform and shopware/core are vulnerable to Arbitrary Code Injection. The vulnerability exists in multiple functions of SecurityExtension.php
because the inputs are properly checked which allows an attacker to inject and execute arbitrary code into the system.
CPE | Name | Operator | Version |
---|---|---|---|
shopware/platform | le | 6.4.20.0 | |
shopware/core | le | 6.4.20.0 | |
shopware/platform | le | 6.4.20.0 | |
shopware/core | le | 6.4.20.0 |
docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023
github.com/shopware/core/commit/5e5b30e214649abcf2bcf9423c3cbb799c9cc669
github.com/shopware/platform/commit/5ddece10fa5381e3d697663a9cf05d2e75935c43
github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f
starlabs.sg/advisories/23/23-2017/