CVE-2016-3109
CRITICALShopware < 5.1.5 - Remote Code Execution via Backend Login Load Script
Title source: llmDescription
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d
Exploit, Patch, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97979
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538173/100/0/threaded
Scores
CVSS v3
9.8
EPSS
0.2822
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
shopware/shopware
< 5.1.4
shopware/shopware
0 - 4.3.7Packagist
Published
Apr 21, 2017
Tracked Since
Feb 18, 2026