Lucene search
Veracode Vulnerability DatabaseVERACODE:40265HistoryApr 24, 2023 - 7:31 a.m.
Arbitrary Code Injection
2023-04-2407:31:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
45
arbitrary code injection
shopware
securityextension.php
0.008 Low
EPSS
Percentile
81.9%
shopware/platform and shopware/core are vulnerable to Arbitrary Code Injection. The vulnerability exists in multiple functions of SecurityExtension.php because the inputs are properly checked which allows an attacker to inject and execute arbitrary code into the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/platform | le | 6.4.20.0 | |
| shopware/core | le | 6.4.20.0 | |
| shopware/platform | le | 6.4.20.0 | |
| shopware/core | le | 6.4.20.0 |
References
docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023
github.com/shopware/core/commit/5e5b30e214649abcf2bcf9423c3cbb799c9cc669
github.com/shopware/platform/commit/5ddece10fa5381e3d697663a9cf05d2e75935c43
github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f
starlabs.sg/advisories/23/23-2017/
Related
prion
prion
Input validation
2023-04-17 11:15:00
osv
osv
CVE-2023-2017
2023-04-17 11:15:42
Improper Control of Generation of Code in Twig rendered views
2023-04-18 13:14:20
nvd
nvd
CVE-2023-2017
2023-04-17 11:15:42
cve
cve
CVE-2023-2017
2023-04-17 11:15:42
cvelist
cvelist
github
github
Improper Control of Generation of Code in Twig rendered views
2023-04-18 13:14:20
cert
cert
TCG TPM2.0 implementations vulnerable to memory corruption
2023-02-28 00:00:00