Lucene search
Veracode Vulnerability DatabaseVERACODE:38935HistoryJan 20, 2023 - 3:49 a.m.
Remote Code Execution
2023-01-2003:49:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
25
shopware
rce vulnerability
twig environment
remote code execution
php function
filters
malicious code
0.002 Low
EPSS
Percentile
56.4%
shopware is vulnerable to Remote Code Execution (RCE). An attacker with access to a Twig environment is able to use templates to call any global PHP function with filters such as map, filter, and sort, which allows an attacker to upload and execute malicious code on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/platform | le | 6.4.18.0 | |
| shopware/core | le | 6.4.18.0 | |
| shopware/platform | le | 6.4.18.0 | |
| shopware/core | le | 6.4.18.0 |
References
docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
github.com/shopware/core/commit/e06ffccaad7069e36f8e1996d89d4172f11dd3dd
github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
Related
osv
osv
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
2023-01-17 23:58:06
CVE-2023-22731
2023-01-17 22:15:10
CVE-2023-2017
2023-04-17 11:15:42
cve
cve
CVE-2023-22731
2023-01-17 22:15:10
CVE-2023-2017
2023-04-17 11:15:42
prion
prion
Design/Logic Flaw
2023-01-17 22:15:00
Input validation
2023-04-17 11:15:00
nvd
nvd
CVE-2023-22731
2023-01-17 22:15:10
CVE-2023-2017
2023-04-17 11:15:42
cvelist
cvelist
github
github
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
2023-01-17 23:58:06
Improper Control of Generation of Code in Twig rendered views
2023-04-18 13:14:20