Lucene search
K

5 matches found

OSV
OSV
added 2022/05/24 4:48 p.m.8 views

GHSA-RF8F-HQJV-986P Shopware Insecure Deserialization Vulnerability

In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code...

8.8CVSS7.1AI score0.54681EPSS
Exploits1References5
Veracode
Veracode
added 2019/06/14 3:53 a.m.13 views

Unsafe Deserialization

shopware/shopware is vulnerable to XML external entity attacks via unsafe deserialization. The sort parameter in the function loadPreviewAction in the ShopwareControllersBackendProductStream controller is not validated before PHP object instantiation is performed, which would allow an attacker to...

8.8CVSS6.6AI score0.54681EPSS
Exploits6References2Affected Software1
Prion
Prion
added 2019/06/13 8:29 p.m.17 views

Deserialization of untrusted data

In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code...

6.5CVSS7.1AI score0.54681EPSS
Exploits6References1Affected Software1
CVE
CVE
added 2019/06/13 7:18 p.m.87 views

CVE-2019-12799

Shopware vulnerability CVE-2019-12799 affects the createInstanceFromNamedArguments function in Shopware up to version 5.6.x, where a crafted web request can trigger PHP object instantiation leading to arbitrary deserialization and remote code execution. The issue bypasses a prior whitelist patch ...

8.8CVSS7AI score0.54681EPSS
Exploits1References1Affected Software1
Circl
Circl
added 2019/01/15 6:57 p.m.19 views

CVE-2017-18357

creationtimestamp| type| source ---|---|--- 2019-01-15 18:57:32+00:00| seen| https://t.me/cibsecurity/2037 2019-05-17 23:32:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/shopwarecreateinstancefromnamedargumentsrce.rb 2019-05-23...

6.5CVSS6.8AI score0.27074EPSS
Exploits6References3
Rows per page
Query Builder