CVE-2026-22242

4.9 MEDIUM

📋 TL;DR

CoreShop versions before 4.1.8 contain a blind SQL injection vulnerability that allows an authenticated administrator to extract database contents using boolean-based or time-based inference. Exploitation requires an administrator account, and the database account CoreShop uses for the affected query is read-only, so the impact is limited to data disclosure rather than modification or service disruption.

💻 Affected Systems

Products:
  • CoreShop
Versions: All versions prior to 4.1.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrator access to exploit

📦 What is this software?

CoreShop is an open-source e-commerce framework built on the Pimcore platform (PHP/Symfony). It is installed and updated through the Composer package coreshop/core-shop; the administrative back end is the Pimcore admin interface, which is the only place this vulnerability is reachable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Confidential database contents could be fully extracted by a malicious administrator, potentially exposing sensitive customer data, order information, or business data.

🟠

Likely Case

Limited data extraction by a compromised administrator account, exposing some confidential information but not causing system disruption.

🟢

If Mitigated

No impact if proper access controls prevent unauthorized administrator access and the system is patched.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrator credentials plus familiarity with blind SQL injection techniques (boolean-based or time-based inference); no data is returned directly, so extraction is slow and noisy, which works in the defender's favour for detection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.8

Vendor Advisory: https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4

Restart Required: Yes

Instructions:

1. Back up your CoreShop installation and database.
2. Update CoreShop to version 4.1.8 or later via Composer: 'composer require coreshop/core-shop:^4.1.8' (the caret constraint accepts any 4.x release at or above 4.1.8; check that composer.lock now records that version).
3. Clear the application cache and restart the application.

🔧 Temporary Workarounds

Restrict Administrator Access

Platforms: all

Limit administrator accounts to trusted personnel, enforce strong authentication (MFA where the deployment supports it) and remove stale or shared administrator logins. Note that this only narrows who can exploit the flaw; a compromised administrator session still has full read access to the database.

Database Query Monitoring

Platforms: all

Enable database query logging (for example the MySQL/MariaDB general or slow query log) and watch for the signature of blind injection: long runs of near-identical queries that differ only in one predicate, or queries containing SLEEP(), BENCHMARK() or comparable delay functions.

🧯 If You Can't Patch

  • Implement strict access controls for administrator accounts and monitor administrator activity for suspicious request patterns.
  • Deploy a web application firewall (WAF) with SQL injection rules in front of the admin area. This raises the cost of exploitation but does not remove it: the attacker already holds valid administrator credentials, and blind-injection payloads can often be reshaped to evade signature rules.

🔍 How to Verify

Check if Vulnerable:

Check the installed CoreShop version via Composer: 'composer show coreshop/core-shop | grep versions'. Any version below 4.1.8 is affected; pre-release builds of 4.1.8 (for example 4.1.8-RC1) should be treated as below 4.1.8.

Check Version:

composer show coreshop/core-shop | grep versions

Verify Fix Applied:

Run the same command and confirm the reported version is 4.1.8 or higher, then confirm composer.lock records the same version so the deployed artefact matches.
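The check above is a manual one. The following added example (not CoreShop or vendor code) automates it: it reads the version of coreshop/core-shop from either a composer.lock file or the text output of 'composer show coreshop/core-shop', and compares it against the fixed release 4.1.8, treating pre-release tags such as 4.1.8-RC1 as still vulnerable and branch aliases such as dev-main as undecidable. The composer.lock and 'composer show' samples embedded below are constructed for the example.

```python
"""Added example (not CoreShop or vendor code): decide whether an installed
coreshop/core-shop is below the fixed release 4.1.8.

Inputs: a composer.lock (JSON with "packages" / "packages-dev" lists) or the
text printed by `composer show coreshop/core-shop`. Sample data is constructed.
"""
import json
import re

PACKAGE = "coreshop/core-shop"
# (major, minor, patch, fourth, prerelease-flag); flag 0 = final, -1 = pre-release
FIXED = (4, 1, 8, 0, 0)

_VER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """'v4.1.7' -> (4,1,7,0,0); '4.1.8-RC1' -> (4,1,8,0,-1); 'dev-main' -> None."""
    m = _VER.match(text.strip())
    if not m:
        return None  # branch aliases (dev-main, 4.x-dev) cannot be compared
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    fourth = int(m.group(4)) if m.group(4) else 0
    pre = -1 if m.group(5) else 0  # any suffix sorts below the final release
    return nums + (fourth, pre)


def is_vulnerable(version):
    """True if below 4.1.8, False if fixed, None if the version is not comparable."""
    v = parse_version(version)
    if v is None:
        return None
    return v < FIXED


def version_from_lock(lock_json):
    """Version string recorded for coreshop/core-shop in composer.lock, or None."""
    data = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None


def version_from_composer_show(output):
    """Version from `composer show` output; the installed one is marked with '*'."""
    for line in output.splitlines():
        if line.strip().startswith("versions"):
            m = re.search(r"\*\s*(\S+)", line)
            if m:
                return m.group(1)
    return None


# Constructed samples (not taken from a real installation)
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "pimcore/pimcore", "version": "v11.3.0"},
        {"name": PACKAGE, "version": "v4.1.7"},
    ],
    "packages-dev": [],
})
SAMPLE_SHOW = "name     : coreshop/core-shop\nversions : * 4.1.8\n"


def report(version):
    state = is_vulnerable(version)
    if state is None:
        return f"{version}: cannot determine (non-release version)"
    return f"{version}: {'VULNERABLE (below 4.1.8)' if state else 'fixed'}"


if __name__ == "__main__":
    print(report(version_from_lock(SAMPLE_LOCK)))
    print(report(version_from_composer_show(SAMPLE_SHOW)))
    print(report("4.1.8-RC1"))
    print(report("dev-main"))
```

In a real check, pass the contents of the project's composer.lock to version_from_lock rather than the constructed sample; composer.lock is what the deployment actually installed, while 'composer show' reflects the vendor directory of the machine you run it on.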

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns from administrator sessions, in particular long runs of near-identical queries
  • Bursts of admin requests that differ only in an injected predicate (boolean-based inference: the response is compared rather than the query failing)
  • Admin requests whose response time clusters at a fixed delay, e.g. a multiple of 5 seconds (time-based inference using SLEEP, BENCHMARK or equivalent)

Network Indicators:

  • Repeated SQL-like parameter manipulation in POST/GET requests from authenticated sessions

SIEM Query:

source="web_logs" AND (uri="*admin*" OR user="*admin*") AND (query="*SELECT*" OR query="*SLEEP*" OR query="*WAITFOR*" OR query="*BENCHMARK*")

The '*SELECT*' term is noisy on a shop back end that legitimately passes the word in filters; the delay functions and repeated near-identical URIs from a single admin session are the higher-signal terms. URL-decode the request before matching, since payloads normally arrive percent-encoded.
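The SIEM query above is a string match; the added example below (not CoreShop or vendor code) shows the same detection logic run offline over access-log lines, with the refinements a practitioner would want: URL-decoding before matching, restricting to the admin path, treating a delay function whose request actually took several seconds as a stronger indicator, and flagging a session that sends repeated probes. The log lines are constructed samples in nginx combined format with the request time appended; the "/admin" prefix and the presence of the admin user name in the log's user field are assumptions about the deployment's log format.

```python
"""Added example (not CoreShop or vendor code): detect blind SQL injection
probing of an admin area in web access logs.

Log format (assumed): nginx combined log plus request_time as the last field.
The user field is assumed to carry the admin user name. All lines below are
constructed samples.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

ADMIN_PREFIX = "/admin"   # assumption: admin back end lives under /admin
SLOW_SECONDS = 5.0        # typical SLEEP(5)-style probe

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" (?P<rt>[\d.]+)$')

# Primitives used by time-based and boolean-based blind injection
PATTERNS = {
    "time": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "boolean": re.compile(
        r"(?:'|\")\s*(?:and|or)\s*[\w'\"]+\s*=\s*[\w'\"]+|\band\s+\d+\s*=\s*\d+", re.I),
    "union": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    d["rt"] = float(d["rt"])
    d["decoded"] = unquote_plus(d["uri"])  # payloads arrive percent-encoded
    return d


def classify(entry):
    """Indicators seen in one parsed request (empty set for benign requests)."""
    hits = set()
    if not entry["decoded"].startswith(ADMIN_PREFIX):
        return hits  # only the admin area is reachable for this bug
    for name, rx in PATTERNS.items():
        if rx.search(entry["decoded"]):
            hits.add(name)
    # a delay primitive that really stalled the server is the strongest signal
    if "time" in hits and entry["rt"] >= SLOW_SECONDS:
        hits.add("delayed")
    return hits


def scan(lines, burst_threshold=3):
    """Map (ip, user) -> indicators; 'burst' marks sessions with repeated probes."""
    sessions = defaultdict(lambda: {"hits": set(), "probes": 0})
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        h = classify(e)
        if h:
            s = sessions[(e["ip"], e["user"])]
            s["hits"] |= h
            s["probes"] += 1
    alerts = {}
    for key, s in sessions.items():
        hits = set(s["hits"])
        if s["probes"] >= burst_threshold:
            hits.add("burst")
        alerts[key] = hits
    return alerts


# Constructed sample log: one admin session probing, two benign requests
SAMPLE_LOG = """\
203.0.113.7 - admin [12/Jan/2026:10:00:01 +0000] "GET /admin/coreshop/products?filter=shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.120
203.0.113.7 - admin [12/Jan/2026:10:00:09 +0000] "GET /admin/coreshop/products?filter=shoes%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 5.034
203.0.113.7 - admin [12/Jan/2026:10:00:15 +0000] "GET /admin/coreshop/products?filter=shoes%27%20AND%201%3D1--%20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.118
203.0.113.7 - admin [12/Jan/2026:10:00:16 +0000] "GET /admin/coreshop/products?filter=shoes%27%20AND%201%3D2--%20 HTTP/1.1" 200 3100 "-" "Mozilla/5.0" 0.117
198.51.100.4 - - [12/Jan/2026:10:01:00 +0000] "GET /shop/search?q=sleep%20mask HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 0.090
198.51.100.9 - editor [12/Jan/2026:10:02:00 +0000] "GET /admin/coreshop/orders?sort=asc HTTP/1.1" 200 7000 "-" "Mozilla/5.0" 0.200
"""

if __name__ == "__main__":
    for (ip, user), hits in scan(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} {user}: {sorted(hits)}")
```

The storefront request containing the word "sleep" is ignored twice over: it is outside the admin prefix and it does not carry a call-style delay primitive. The boolean pair (1=1 followed by 1=2 from the same session, with different response sizes) is the classic signature of boolean-based inference and is what the "burst" indicator is meant to catch once enough probes accumulate.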

🔗 References

  • Vendor advisory (GitHub Security Advisory): https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4
