Shopware
CVE-2016-3109
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
AnalysisAI
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.
Technical ContextAI
This vulnerability is classified under CWE-20. The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. Affected products include: Shopware. Version information: before 5.1.5.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiat
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopwar
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. Rated
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. Rated medium severit
Shopware is an open commerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, n
Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages wh
Shopware is an open headless commerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely explo
Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated critical severity (CVSS 9.8),
Shopware is an open source eCommerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Rated medium severity (CVSS 5.5), this vulne
Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 8.8), this
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today