CVE-2026-54390P2CRITICALCVSS 9.8≥ 5.2.0, < 5.4.0·≥ 5.4.0, ≤ 5.7.12026-06-18
CVE-2026-54390 [CRITICAL] CWE-1336 CVE-2026-54390: JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that a
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and e
nvd