CVE-2023-22731

2023-01-1722:15:10

Google

osv.dev

shopware

commerce

vulnerability

php code execution

twig

symfony

vue js

fix

upgrade

plugin

sandbox extension

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

56.4%

JSON

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.

CPENameOperatorVersion
shopwareeq6.1.1
shopwareeq6.4.5.1
shopwareeq6.4.11.0
shopwareeq6.4.10.1
shopwareeq6.1.0
shopwareeq6.1.0-rc4
shopwareeq6.4.4.0
shopwareeq6.4.17.1
shopwareeq6.3.0.0
shopwareeq6.4.17.2

Name	Operator	Version
shopware	eq	6.1.1
shopware	eq	6.4.5.1
shopware	eq	6.4.11.0
shopware	eq	6.4.10.1
shopware	eq	6.1.0
shopware	eq	6.1.0-rc4
shopware	eq	6.4.4.0
shopware	eq	6.4.17.1
shopware	eq	6.3.0.0
shopware	eq	6.4.17.2