CVE-2023-22731— Shopware 代码注入漏洞

Improper Control of Generation of Code in Twig rendered views in shopware

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

对生成代码的控制不恰当(代码注入)

Shopware 代码注入漏洞

Shopware是德国Shopware公司的一套开源电子商务软件。 Shopware 存在代码注入漏洞，该漏洞源于在 Twig 环境中添加 **without the Sandbox extension** 环境变量后，可以在 Twig 过滤器中引用 PHP 函数，如“map”、“filter”、“sort”。 这将允许模板调用任何全局 PHP 函数，从而执行任意代码。

N/A

N/A