The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HShopware
APPShopwareβ€ 5.1.4
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References
Related vulnerabilities
CVE-2024-22406CRITICAL9.3PL βten sam produkt
SQL injection w API wyszukiwania Shopware przez pole 'name' agregacji
CVE-2023-22731CRITICAL9.9ten sam produkt
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **wi...
CVE-2021-32711CRITICAL9.1ten sam produkt
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API...
CVE-2026-31887HIGH8.9ten sam produkt
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter typ...
CVE-2026-31889HIGH8.9ten sam produkt
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app reg...