JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user.
Metrics
Affected Vendors & Products
References
History
Mon, 22 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 18 Jun 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jtl-software
Jtl-software jtl-shop |
|
| Vendors & Products |
Jtl-software
Jtl-software jtl-shop |
Thu, 18 Jun 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user. | |
| Title | JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer | |
| Weaknesses | CWE-1336 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-06-18T17:33:46.230Z
Updated: 2026-06-23T11:39:42.099Z
Reserved: 2026-06-12T20:20:02.950Z
Link: CVE-2026-54390
Updated: 2026-06-22T12:39:34.065Z
No data.
No data.