Lucene search

[email protected]CVE-2016-3109

HistoryApr 21, 2017 - 8:59 p.m.

CVE-2016-3109

2017-04-2120:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2016-3109

shopware

remote code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.67 Medium

EPSS

Percentile

98.0%

JSON

The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.

Affected configurations

NVD

Node

shopwareshopwareRange≤5.1.4

CPENameOperatorVersion
shopware:shopwareshopwarele5.1.4

CPE	Name	Operator	Version
shopware:shopware	shopware	le	5.1.4

References

packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html

www.securityfocus.com/archive/1/538173/100/0/threaded

www.securityfocus.com/bid/97979

github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.67 Medium

EPSS

Percentile

98.0%

JSON

Related for CVE-2016-3109

osv1 nvd1 cvelist1 friendsofphp1 checkpoint_advisories1 prion1 dsquare1 github1