Full Disclosure

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)

April 26, 2016 007admin Leave a comment

Posted by David Vieira-Kurz on Apr 26

CREDITS

========

This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.

CVE

====

CVE-2016-3109

AFFECTED PRODUCT

==================

Shopware < 5.1.5 : https://en.shopware.com/

IMPACT

=======

This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer because it allows
unauthenticated remote code execution by any attacker! This means that an attacker is able to read ANY files on…

007 Software

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)

Leave a Reply Cancel reply

Software and Security Information