
List:       full-disclosure
Subject:    [FD] Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)
From:       David Vieira-Kurz <david.vieira-kurz () immobilienscout24 ! de>
Date:       2016-04-23 10:31:03
Message-ID: HE1PR07MB0811AE9F012C86B8E35CF244C5600 () HE1PR07MB0811 ! eurprd07 ! prod ! outlook ! com

CREDITS

========

This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.


CVE

====

CVE-2016-3109


AFFECTED PRODUCT

==================

Shopware < 5.1.5 : https://en.shopware.com/


IMPACT

=======

This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer
because it allows unauthenticated remote code execution by any attacker! This means that an
attacker is able to read ANY files on the target system, create new files with malicious
content and run arbitrary code on the target system.


PROOF OF CONCEPT

==================

The script located at "/backend/Login/load/" is prone to remote code execution.

A proof of concept has been sent to the maintainer and verified by the maintainer of Shopware.

For the time being we will not provide any exploit code publicly.


TIMELINE

========

05/Apr/2016: issue has been identified

05/Apr/2016: issue and PoC have been sent to the maintainer

06/Apr/2016: maintainer has verified the issue

07/Apr/2016: maintainer sent hotfix for review

11/Apr/2016: maintainer released a hotfix as version 5.1.5

23/Apr/2016: this advisory has been published



