PT-2026-2179 · Coreshop · Coreshop
Plynatwara · Published 2026-01-07 · Updated 2026-01-08 · CVE-2026-22242
| CVSS v3.1 | 4.9 Medium |
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CoreShop versions prior to 4.1.8
Description
CoreShop is a Pimcore enhanced eCommerce solution. A blind SQL injection exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible.
Recommendations
Update CoreShop to version 4.1.8 or later.
Exploit · Fix · SQL injection
Related Identifiers
Affected Products
Coreshop