CNNVD-202601-2370 Information
CNNVD ID
CNNVD-202601-2370
Related CVE
- CNNVD Published: 2026-01-14
Description (English)
Shopware is an open-source e-commerce software suite from the German company Shopware. Versions of Shopware before 6.7.6.1 contain a code injection vulnerability. It stems from a regression of CVE-2023-2017, which causes arrays and specially crafted PHP closures not to be checked against the allow list for map(…) overrides.
Hazard Level
Medium
Vulnerability Type
Code Injection
Affected Vendor
Shopware
Published
2026-01-14
Last Modified
2026-02-24
References
https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf
https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475
https://access.redhat.com/security/cve/cve-2026-23498
Patch
https://www.shopware.com/en/changelog/