Описание
Shopware Remote Code Execution Vulnerability
Under certain circumstances it is possible to execute an authorized foreign code in Shopware version prior to 5.2.25.
Ссылки
- https://github.com/shopware5/shopware/commit/8f6a7cefcba7547276892b82f64e4874c1a0dfed
- https://community.shopware.com/_detail_2015.html
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2017?category=shopware-5-en/security-updates
- https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-06-22.yaml
Пакеты
Наименование
shopware/shopware
composer
Затронутые версииВерсия исправления
>= 4.2.0, < 5.2.25
5.2.25
9.8 Critical
CVSS3
Дефекты
CWE-1336
9.8 Critical
CVSS3
Дефекты
CWE-1336