coreshop/core-shop Security Advisories (3)
-
[HIGH] CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
PKSA-9rch-wbbh-7nr6 CVE-2026-41249 GHSA-q58j-g3f4-h26h
Affected version: =5.0.0
Reported by:
GitHub -
[MEDIUM] CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
PKSA-vfgm-9q5v-977q CVE-2026-23959 GHSA-fqcv-8859-86x2
Affected version: <4.1.9
Reported by:
GitHub -
[MEDIUM] CoreShop Vulnerable to SQL Injection via Admin Reports
PKSA-x7h5-362r-pw3g CVE-2026-22242 GHSA-ch7p-mpv4-4vg4
Affected version: <=4.1.7
Reported by:
GitHub