Critical severity9.8NVD Advisory· Published Apr 21, 2017· Updated May 13, 2026
CVE-2016-3109
CVE-2016-3109
Description
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shopware/shopwarePackagist | < 4.3.7 | 4.3.7 |
shopware/shopwarePackagist | >= 5.0.0, < 5.1.5 | 5.1.5 |
Affected products
1Patches
1d73e9031a5b2Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
10- github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558dnvdPatchThird Party AdvisoryWEB
- packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.htmlnvdExploitPatchThird Party AdvisoryVDB EntryWEB
- www.securityfocus.com/bid/97979nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-cj2f-96jq-phppghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-3109ghsaADVISORY
- community.shopware.com/_detail_1918.htmlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/CVE-2016-3109.yamlghsaWEB
- web.archive.org/web/20200814090044/http://www.securityfocus.com/archive/1/538173/100/0/threadedghsaWEB
- web.archive.org/web/20210125193827/http://www.securityfocus.com/bid/97979ghsaWEB
- www.securityfocus.com/archive/1/538173/100/0/threadednvd
News mentions
0No linked articles in our index yet.