The vulnerability stems from unsafe interpolation of user-controlled aggregation names into SQL queries. The commit diff shows multiple places where SELECT alias names (derived from an aggregation's 'name' field) were wrapped in backticks directly, without escaping. The patch introduces EntityDefinitionQueryHelper::escape() to sanitize these values, and the added test 'testAggregationWithBacktickInName' confirms that injection through aggregation names was possible before the fix. The affected methods in EntityAggregator.php handled aggregation parameters and built SQL with sprintf patterns such as 'AVG(%s) as %s', which placed user input directly into the query structure.
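The following PHP is an added example, not Shopware's code: it contrasts the unescaped alias pattern described above with an identifier escaper in the spirit of the patch, and includes a regression check modelled on the purpose of the added test. The function `escapeIdentifier()` is a hypothetical stand-in for EntityDefinitionQueryHelper::escape() (its real implementation is not shown on this page), and the sample aggregation name is constructed.

```php
<?php
declare(strict_types=1);

// Added example, not Shopware code. An aggregation name used as a SQL alias must be
// quoted as an identifier with its backticks escaped, never interpolated raw via sprintf().

/**
 * Hypothetical identifier escaper, analogous in purpose to the
 * EntityDefinitionQueryHelper::escape() named in the advisory (assumption: its exact
 * behaviour is not on the page). MySQL quotes identifiers with backticks and
 * represents a literal backtick inside one by doubling it.
 */
function escapeIdentifier(string $identifier): string
{
    if ($identifier === '' || str_contains($identifier, "\0")) {
        throw new InvalidArgumentException('Invalid SQL identifier');
    }
    return '`' . str_replace('`', '``', $identifier) . '`';
}

/** Vulnerable pattern: the aggregation name lands unescaped inside the backticks. */
function buildAvgSelectVulnerable(string $field, string $aggregationName): string
{
    return sprintf('AVG(%s) as `%s`', $field, $aggregationName);
}

/** Hardened pattern: both the field and the alias go through the escaper. */
function buildAvgSelectSafe(string $field, string $aggregationName): string
{
    return sprintf('AVG(%s) as %s', escapeIdentifier($field), escapeIdentifier($aggregationName));
}

/**
 * Regression check modelled on the intent of testAggregationWithBacktickInName:
 * a name containing a backtick must still yield exactly one quoted alias at the end
 * of the expression, and unescaping that alias must give back the original name.
 */
function aliasRoundTrips(string $aggregationName): bool
{
    $select = buildAvgSelectSafe('price', $aggregationName);
    // The alias must be a single backtick-quoted identifier that closes the expression.
    if (!preg_match('/ as (`(?:[^`]|``)*`)$/', $select, $m)) {
        return false;
    }
    $inner = substr($m[1], 1, -1);
    return str_replace('``', '`', $inner) === $aggregationName;
}

// Constructed sample: an aggregation name that happens to contain a backtick.
$name = 'avg`price';

// Vulnerable form: the embedded backtick terminates the alias early, so query
// structure now depends on user input.
echo buildAvgSelectVulnerable('price', $name), PHP_EOL;

// Hardened form: the backtick is doubled and stays inside one quoted alias.
echo buildAvgSelectSafe('price', $name), PHP_EOL;

// Both a plain name and one containing a backtick must round-trip.
var_dump(aliasRoundTrips('avg_price'));
var_dump(aliasRoundTrips($name));
```

The same escaper applies to every identifier position the text mentions (the aggregated field as well as the alias); value positions should still use bound parameters rather than identifier quoting.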
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| shopware/core | composer | <= 6.5.7.3 | 6.5.7.4 |
| shopware/platform | composer | <= 6.5.7.3 | 6.5.7.4 |