Coreshop · Coreshop · CVE-2026-23959
**Name of the Vulnerable Software and Affected Versions**
CoreShop versions prior to 4.1.9
**Description**
An error-based SQL Injection issue exists in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query, potentially leading to database error disclosure and data extraction. The vulnerability is located in the company name duplication check endpoint: `/admin/coreshop/customer-company-modifier/duplication-name-check?value=`. The `$value` parameter is user-controlled and not properly escaped or bound as a prepared statement parameter. Providing a double quote (`"`) causes a SQL syntax error, confirming the injection point. The vulnerable file is `/app/repos/coreshop/src/CoreShop/Bundle/CustomerBundle/Controller/CustomerTransformerController.php`, and the vulnerable code pattern is `sprintf('name LIKE "%%%s%%"', (string) $value)`. Exploitation involves triggering a SQL error to confirm the injection and potentially extracting data.
**Recommendations**
For versions prior to 4.1.9: use parameterized queries (bound parameters) instead of string concatenation or `sprintf` to build SQL conditions. Apply strict input validation before user data reaches the query. Handle database errors gracefully by returning a controlled JSON error response instead of a raw 500 error page.
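As an added illustration, not CoreShop's own code: the `sprintf`/`LIKE` pattern from the description beside a parameterized replacement that also covers the validation and error-handling recommendations. It assumes a PDO connection to a constructed in-memory SQLite table `companies(name)` as a stand-in for the Pimcore listing the real controller queries.

```php
<?php
// Added example, not CoreShop's code. Assumption: a PDO/SQLite table
// `companies(name)` stands in for the Pimcore listing used by the controller.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE companies (name TEXT)');
$pdo->exec("INSERT INTO companies VALUES ('Acme GmbH'), ('Acme \"Labs\"')"); // constructed rows

// Vulnerable pattern from the advisory: the value is interpolated into the
// condition, so a double quote in the input terminates the string literal
// and the database raises a syntax error (the "error-based" signal).
function duplicationCheckVulnerable(PDO $pdo, string $value): array
{
    $condition = sprintf('name LIKE "%%%s%%"', $value);
    $rows = $pdo->query('SELECT name FROM companies WHERE ' . $condition)->fetchAll(PDO::FETCH_COLUMN);
    return ['duplicate' => count($rows) > 0];
}

// Hardened version: strict validation, the value bound as a parameter,
// LIKE wildcards escaped so user input matches literally, and any DB error
// turned into a controlled JSON-style response instead of an uncaught 500.
function duplicationCheckSafe(PDO $pdo, string $value): array
{
    if ($value === '' || strlen($value) > 255) {
        return ['success' => false, 'message' => 'invalid value'];
    }
    $pattern = '%' . addcslashes($value, '%_\\') . '%'; // escape %, _ and \
    try {
        $stmt = $pdo->prepare("SELECT name FROM companies WHERE name LIKE :p ESCAPE '\\'");
        $stmt->execute([':p' => $pattern]);
        return ['success' => true, 'duplicate' => $stmt->fetchColumn() !== false];
    } catch (PDOException $e) {
        error_log($e->getMessage()); // keep the real error server-side only
        return ['success' => false, 'message' => 'lookup failed'];
    }
}

$input = 'Acme "Labs"'; // constructed input containing the double quote from the advisory
try {
    var_dump(duplicationCheckVulnerable($pdo, $input));
} catch (PDOException $e) {
    echo "vulnerable pattern: SQL syntax error triggered by a double quote\n";
}
var_dump(duplicationCheckSafe($pdo, $input)); // success => true, duplicate => true
```

Run with the `php` CLI (pdo_sqlite extension enabled); the vulnerable function throws on the quoted input while the hardened one returns a normal result, since the quote is data, not SQL.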