logo

Database

Lack of data validation In shopware/shopware

Description

Shopware Remote Code Execution Vulnerability Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware. This is a critical security vulnerability that could affect the entire system. All Shopware versions including Shopware 5.2.14 are affected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-q3g4-2vw9-xv27

References

1. https://github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec2. https://community.shopware.com/_detail_1989.html3. https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates4. https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.