Home > Vulnerability Database > WS-2021-0043

Mend.io Vulnerability Database

WS-2021-0043

Date: August 19, 2025

Authenticated Remote Code Execution (RCE) vulnerability was found in shopware/platform before 6.3.5.2. Authenticated remote code execution using plugin manager without ACL permissions.

Language: PHP

Severity Score

8.8

Related Resources (5)

Url: https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2021

Url: https://github.com/advisories/GHSA-pjj4-jjgc-h3r8

Url: https://github.com/shopware/platform/commit/d08f54aabb2228028e79f8bd5fc72fce8794c862

Url: https://github.com/shopware/platform/security/advisories/GHSA-pjj4-jjgc-h3r8

Url: https://www.mend.io/vulnerability-database/WS-2021-0043

Severity Score

8.8

Weakness Type (CWE)

Code

CWE-17

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0043

Date: August 19, 2025

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?