Severity: 8.8 HIGH (NVD)
EPSS: 1.7% (top 17.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 17; latest update Apr 18

Description

Shopware is an open source commerce platform based on the Symfony Framework and Vue.js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions by name in Twig filters such as `map`, `filter` and `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until th
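The mechanism and the mitigation pattern the description names (overriding the affected filters), as an added illustration. This is not Shopware's patch and not Twig's own code: the class name `SafeCallableExtension`, the `render()` helper and the exact checks are assumptions. It assumes PHP 8 and twig/twig 3.x installed with Composer. Twig keeps one filter per name, so an extension registered after the core one replaces the core `map`, `filter` and `sort`; a Twig arrow function compiles to a `\Closure`, which is what the override requires, while a plain string that names a global PHP function is rejected instead of being invoked. `strcmp` is used as a benign stand-in for "any global PHP function" so the code is safe to run as-is.

```php
<?php
// Added illustration of the filter-override mitigation described above.
// NOT Shopware's patch and NOT Twig's own code; class name and checks are
// assumptions. Assumes PHP 8 and twig/twig 3.x (vendor/autoload.php).
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\RuntimeError;
use Twig\Extension\AbstractExtension;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

/**
 * Re-registers map/filter/sort. Twig stores one filter per name, so an
 * extension added after the core one wins. Only a \Closure (what a Twig
 * arrow function compiles to) is accepted as the callable argument.
 */
final class SafeCallableExtension extends AbstractExtension
{
    public function getFilters(): array
    {
        return [
            new TwigFilter('map', [$this, 'map']),
            new TwigFilter('filter', [$this, 'filter']),
            new TwigFilter('sort', [$this, 'sort']),
        ];
    }

    public function map(iterable $array, mixed $arrow): array
    {
        $arrow = self::requireClosure($arrow, 'map');
        $out = [];
        foreach ($array as $k => $v) {
            $out[$k] = $arrow($v, $k);
        }
        return $out;
    }

    public function filter(iterable $array, mixed $arrow): array
    {
        $arrow = self::requireClosure($arrow, 'filter');
        $out = [];
        foreach ($array as $k => $v) {
            if ($arrow($v, $k)) {
                $out[$k] = $v;
            }
        }
        return $out;
    }

    public function sort(iterable $array, mixed $arrow = null): array
    {
        $array = is_array($array) ? $array : iterator_to_array($array);
        if ($arrow === null) {
            asort($array); // a plain |sort keeps its default behaviour
            return $array;
        }
        uasort($array, self::requireClosure($arrow, 'sort'));
        return $array;
    }

    /** Rejects anything that is not a compiled arrow function. */
    private static function requireClosure(mixed $arrow, string $filter): \Closure
    {
        if (!$arrow instanceof \Closure) {
            throw new RuntimeError(sprintf(
                'The "%s" filter only accepts an arrow function, got %s.',
                $filter,
                is_string($arrow) ? 'string "' . $arrow . '"' : get_debug_type($arrow)
            ));
        }
        return $arrow;
    }
}

/** Renders an inline template with or without the override installed (helper, assumption). */
function render(string $template, bool $hardened): string
{
    $twig = new Environment(new ArrayLoader(['t' => $template]));
    if ($hardened) {
        $twig->addExtension(new SafeCallableExtension());
    }
    return $twig->render('t');
}

// strcmp stands in for "any global PHP function": without the override the
// string is handed to uasort() as the comparator, i.e. a template string
// selects which PHP function runs. The same path would reach system().
$byName = "{{ ['b', 'a']|sort('strcmp')|join(',') }}";

echo render($byName, false), "\n";   // string dispatched to a PHP function
try {
    render($byName, true);
} catch (RuntimeError $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
// Arrow functions keep working after the override.
echo render("{{ ['b', 'a']|sort((x, y) => x <=> y)|join(',') }}", true), "\n";
```

The other mitigation the description implies is enabling Twig's Sandbox extension, since the problem only exists in an environment without it; the override above is the belt-and-braces option for environments where templates can be influenced by lower-privileged users and the sandbox is not enabled.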

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

| Source | Package | Affected versions |
| --- | --- | --- |
| CVEListV5 | shopware/platform | < 6.4.18.1 |
| Packagist | shopware/platform | < 6.4.20.1 (+1) |
| Packagist | shopware/core | < 6.4.20.1 (+1) |
| NVD | shopware/shopware | 6.1.0 to 6.4.20.0 (+2) |
| CVEListV5 | shopware/shopware | >= 6.7.0.0, < 6.7.6.1 |

Patches

Vulnerability Details (4)

GHSA: Shopware Has Improper Control of Generation of Code in Twig rendered views (2023-04-18)
OSV: Shopware Has Improper Control of Generation of Code in Twig rendered views (2023-04-18)
GHSA: Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views (2023-01-17)
OSV: Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views (2023-01-17)