Shopware Remote Code Execution Vulnerability

Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware. This is a critical security vulnerability that could affect the entire system. All Shopware versions including Shopware 5.2.14 are affected.

Published: May 21, 2024
Updated: Jun 27, 2024
GHSA: GHSA-q3g4-2vw9-xv27
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
shopware / shopware	4.0.0	5.2.15
shopware / shopware	-	1.0.8

https://community.shopware.com/_detail_1989.html
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-01-2017?category=shopware-5-en/security-updates
https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-01-24.yaml
https://github.com/shopware5/shopware/commit/14299e9ee9f7d93f687b4ec838e0873afbc84fec

Vulnerability Database

290,206

Shopware Remote Code Execution Vulnerability