Search for vulnerabilities
| Vulnerability ID | VCID-b9t6-7zka-gfgd |
| Aliases |
GHSA-6wh5-mw9h-5c3w
|
| Summary | Shopware vulnerable to path traversal via Plugin upload A path traversal vulnerability allows malicious actors to access files and folders that are outside the folder structure accessible to the affected function. This vulnerability occurs when an application uses unfiltered user input to point to the path of a specific file and retrieve it. This can result in gaining read/write access to sensitive information, application code, back-end systems and other (critical) files on the operating system. In certain cases, it is even possible to store arbitrary files outside the relevant directory structure on the server in order to gain access to the server. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | LOW | https://github.com/advisories/GHSA-6wh5-mw9h-5c3w |
| cvssv3.1_qr | LOW | https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/shopware/shopware | ||
| https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be | ||
| GHSA-6wh5-mw9h-5c3w | https://github.com/advisories/GHSA-6wh5-mw9h-5c3w | |
| GHSA-6wh5-mw9h-5c3w | https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:04:29.848750+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/GHSA-6wh5-mw9h-5c3w.yml | 38.6.0 |