{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22242", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-07T05:19:12.920Z", "datePublished": "2026-01-08T09:59:24.849Z", "dateUpdated": "2026-01-08T14:26:19.902Z"}, "containers": {"cna": {"title": "CoreShop Vulnerable to SQL Injection via Admin Reports", "problemTypes": [{"descriptions": [{"cweId": "CWE-564", "lang": "en", "description": "CWE-564: SQL Injection: Hibernate", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4"}, {"name": "https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd", "tags": ["x_refsource_MISC"], "url": "https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd"}], "affected": [{"vendor": "coreshop", "product": "CoreShop", "versions": [{"version": "< 4.1.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-08T09:59:24.849Z"}, "descriptions": [{"lang": "en", "value": "CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8."}], "source": {"advisory": "GHSA-ch7p-mpv4-4vg4", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T14:26:16.945977Z", "id": "CVE-2026-22242", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T14:26:19.902Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22242", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T14:26:16.945977Z"}}}], "references": [{"url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T14:26:10.948Z"}}], "cna": {"title": "CoreShop Vulnerable to SQL Injection via Admin Reports", "source": {"advisory": "GHSA-ch7p-mpv4-4vg4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "coreshop", "product": "CoreShop", "versions": [{"status": "affected", "version": "< 4.1.8"}]}], "references": [{"url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "name": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd", "name": "https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-564", "description": "CWE-564: SQL Injection: Hibernate"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-08T09:59:24.849Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22242", "state": "PUBLISHED", "dateUpdated": "2026-01-08T14:26:19.902Z", "dateReserved": "2026-01-07T05:19:12.920Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-08T09:59:24.849Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coreshop:coreshop:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D2A63DE-1084-454E-934C-6F3A9BF401DD", "versionEndExcluding": "4.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8."}], "id": "CVE-2026-22242", "lastModified": "2026-01-12T16:42:51.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-08T10:15:56.127", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-564"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:43:28.502344+00:00", "value": {"mitigation_remediation": ["Upgrade CoreShop to version 4.1.8 or later to eliminate the SQL injection flaw.", "Limit administrator account privileges and apply the principle of least privilege when creating admin users.", "Enable detailed logging and monitor for anomalous database queries or prolonged time-based delays that may signal exploitation attempts."], "summary": {"action": "Patch Immediately", "impact": "Database Confidentiality Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is CoreShop from the coreshop vendor. All releases prior to 4.1.8 are vulnerable, and the patch addressing the flaw was introduced in that version. No other product versions are indicated as affected.", "description_and_impact": "The vulnerability is a blind SQL injection that exists in CoreShop before version 4.1.8. An authenticated administrator can use boolean-based or time-based techniques to extract data from the read\u2011only database account. Because the database account is non\u2011DBA, an attacker cannot modify data or disrupt services; the main risk is disclosure of confidential information.", "risk_and_exploitability": "The CVSS score of 4.9 places the vulnerability in the medium severity range, while the EPSS score of less than 1% indicates a very low likelihood of exploitation. The flaw is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. The attack chain requires authenticated administrator credentials, enabling an insider or compromised account to repeatedly submit crafted queries to read data via blind techniques. No data modification or service disruption is possible from this vector."}}}}, "created": "2026-04-18T07:45:24.984347+00:00", "updated": "2026-04-18T07:45:24.984358+00:00", "vendors": []}