Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2018-0178

Good to know:

icon

Date: September 22, 2017

Authenticated SQL Injection in the Backend

Language: PHP

Severity Score

Related Resources (3)

https://github.com/shopware/shopware/commit/f88bbede6c258bc7be5f42c5eccec80e0b4aa100
https://github.com/shopware/shopware/commit/13f189bcfb0a570f882f554fefaa22771b803b4f
https://www.mend.io/vulnerability-database/WS-2018-0178

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

icon

Upgrade Version

Upgrade to version shopware/shopware - dev-dependabot/composer/symfony/validator-5.0.11;shopware/shopware - v5.2.0-BETA1;shopware/shopware - v5.2.3;shopware/shopware - v5.0.3-RC1;shopware/shopware - dev-dependabot/composer/symfony/web-link-5.2.12;shopware/shopware - v5.1.3-RC1;shopware/shopware - dev-dependabot/npm_and_yarn/themes/grunt-contrib-uglify-5.2.2;shopware/shopware - dev-dependabot/npm_and_yarn/themes/md5-file-5.0.0;shopware/shopware - 5.3.x-dev;shopware/shopware - v5.3.4;shopware/shopware - v5.0.4-RC1;shopware/shopware - no_fix;communiacs/shopware - 5.2.21-dev;communiacs/shopware - dev-dependabot/npm_and_yarn/themes/websocket-extensions-0.1.4;communiacs/shopware - 5.3.4;wlwwt/shopware - 5.3.4;wlwwt/shopware - 5.2.21-dev

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us