GHSA-7336-ghhp-f2qj

Source

https://github.com/advisories/GHSA-7336-ghhp-f2qj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-7336-ghhp-f2qj/GHSA-7336-ghhp-f2qj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7336-ghhp-f2qj

Published

2024-05-21T20:52:57Z

Modified

2024-12-06T05:42:56.820929Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Shopware Remote Code Execution Vulnerability

Details

Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware in versions prior to 5.2.16. One possible threat is if a template that doesn’t derive from the Shopware standard has been completely copied. Themes or plugins that execute or overwrite the following template code are vulnerable.

Affected file: emotion.tpl

Path template file "Emotion template": templates / _default / frontend / forms / elements.tpl Path template file "Responsive template": themes/Frontend/Bare/frontend/forms/elements.tpl

The complete line beginning with: {eval var=$sSupport.sFields[$sKey]... should be exchanged with the following:

{$sSupport.sFields[$sKey]|replace:'{literal}':''|replace:'{/literal}':''|replace:'%*%':"{s name='RequiredField' namespace='frontend/register/index'}{/s}"}

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-74"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-21T20:52:57Z"
}

References

Affected packages

Packagist / shopware/shopware

Package

Name: shopware/shopware
Purl: pkg:composer/shopware/shopware

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.15

Fixed

5.2.16

Affected versions

5.*

5.2.15

v5.*

v5.2.15