VYPR

Packagist (Composer) package

coreshop/core-shop

pkg:composer/coreshop/core-shop

Vulnerabilities (3)

  • CVE-2026-41249HigJun 4, 2026

    CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head (`ref: ${{ git

  • CVE-2026-23959Jan 22, 2026
    affected < 4.1.9fixed 4.1.9

    CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a

  • CVE-2026-22242Jan 8, 2026
    affected < 4.1.8fixed 4.1.8

    CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database a