Main Vulnerability Database Vulnerabilities #VU55983

Command Injection in Shopware - CVE-2021-37708

Published: August 19, 2021 / Updated: April 24, 2026

Vulnerability identifier: #VU55983

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-37708

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Shopware

Software vendor:
Shopware

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in mail agent settings. A remote attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa
https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775
https://github.com/shopware/shopware/security/advisories/GHSA-xh55-2fqp-p775

Command Injection in Shopware - CVE-2021-37708

Description

Remediation

External links

Please verify you're human