CVE-2016-3109

Description

The `backend/Login/load/` script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.

How to fix CVE-2016-3109

To remediate CVE-2016-3109, upgrade the affected package to a fixed version below.

• Packagist/shopware/shopware—upgrade to 4.3.7 or later

Is CVE-2016-3109 being exploited?

Moderate — EPSS is 28.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 4.3.7

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-3109
• WEBpacketstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html
• WEBcommunity.shopware.com/_detail_1918.html
• WEBgithub.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/CVE-2016-3109.yaml