Impact
The vulnerability is present in JTL Shop versions 5.2.0 through 5.7.1. It allows unauthenticated users to inject arbitrary Smarty template syntax because user input is not sanitized before rendering. In early versions the flaw can expose sensitive data such as database credentials and encryption keys. In versions 5.4.0 through 5.7.1 the vulnerability also lets an attacker use registered Smarty modifiers (unserialize, file_get_contents) to write a webshell to the web root and execute arbitrary commands with the web server’s privileges, providing full compromise of the application and potentially the host.
Affected Systems
Affected installations are JTL Software JTL Shop running any release from 5.2.0 to 5.7.1. The issue affects all builds in this range, with versions 5.4.0‑5.7.1 additionally susceptible to shell code injection. Administrators should confirm the exact running version and apply remediation accordingly.
Risk and Exploitability
The CVSS score of 9.3 indicates critical severity. EPSS is not available, so exploitation probability is currently unknown, but the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is an unauthenticated HTTP request to a Smarty rendering endpoint, which can be abused to read sensitive information or deploy a webshell, resulting in remote code execution.
OpenCVE Enrichment