writeups.xyz / (CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension

Submitter : c2a

Date: 17 April 2023

Bounty : undisclosed

Vulnerabilities :

• SSTI
• RCE
• Security Code Review

Programs :

• Shopware

Authors :

• Ngo Wei Lin (@Creastery)

Link :
https://starlabs.sg/advisories/23/23-2017/