Under certain conditions it is possible to execute unauthorized code in Shopware. This is a critical security vulnerability that not only affect the functions of the shop. It can also have an impact on the overall system. The vulnerability affects all Shopware versions 4.0.0 up to 5.1.4. Currently no cases are known in which the vulnerability has been actively exploited, but we strongly recommend to upgrade to the current version (5.1.5 or 4.3.7) of Shopware. If it is not possible to update to this versions of Shopware, please perform one of the following steps:
When you use the license plugin version 1.1.2, you are not affected by the vulnerability. If you running an older version, it is highly recommend to update to 1.1.2.