List: full-disclosure
Subject: [FD] Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)
From: David Vieira-Kurz <david.vieira-kurz () immobilienscout24 ! de>
Date: 2016-04-23 10:31:03
Message-ID: HE1PR07MB0811AE9F012C86B8E35CF244C5600 () HE1PR07MB0811 ! eurprd07 ! prod ! outlook ! com
CREDITS
========
This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.
CVE
====
CVE-2016-3109
AFFECTED PRODUCT
==================
Shopware < 5.1.5 : https://en.shopware.com/
IMPACT
=======
This issue has been triaged with the highest severity (CRITICAL) by the Shopware maintainer
because it allows unauthenticated remote code execution by any attacker! This means that an
attacker is able to read ANY files on the target system, create new files with malicious
content and run arbitrary code on the target system.
PROOF OF CONCEPT
==================
The script located at "/backend/Login/load/" is prone to remote code execution.
A proof of concept has been sent to the maintainer and verified by the maintainer of Shopware.
For the time being we will not provide any exploit code publicly.
TIMELINE
========
05/Apr/2016: issue has been identified
05/Apr/2016: issue and PoC have been sent to the maintainer
06/Apr/2016: maintainer has verified the issue
07/Apr/2016: maintainer sent hotfix for review
11/Apr/2016: maintainer released a hotfix as version 5.1.5
23/Apr/2016: this advisory has been published