GHSA-pxq6-fr5m-fwh5CriticalCVSS 9.8
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability...
🔗 CVE IDs covered (1)
📋 Description
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-54390
- https://forum.jtl-software.de/threads/jtl-shop-5-7-aktuell-5-7-2.246278
- https://sansec.io/research/jtl-shop-ssti-rce
- https://www.vulncheck.com/advisories/jtl-shop-server-side-template-injection-via-smarty-renderer
- https://github.com/advisories/GHSA-pxq6-fr5m-fwh5