Back to directory
WRITEUP #1286

(CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension

RCESSTISecurity code review
by@Creastery(Ngo Wei Lin)
Program
Shopware
Published
Apr 17, 2023
Added to HackDex
Apr 24, 2023
Read Full Writeuphttps://starlabs.sg/advisories/23/23-2017/
RELATED WRITEUPS
WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
RCESSTI
Chaining Three Bugs to Access All Your ServiceNow Data
RCESSTI
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle
RCESecurity code review

Built with ❤️ by Shubham Rawat