4 matches found
CVE-2019-12799
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code...
CVE-2019-12799
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code...
CVE-2019-12799
Shopware vulnerability CVE-2019-12799 affects the createInstanceFromNamedArguments function in Shopware up to version 5.6.x, where a crafted web request can trigger PHP object instantiation leading to arbitrary deserialization and remote code execution. The issue bypasses a prior whitelist patch ...
CVE-2019-12799
creationtimestamp| type| source ---|---|--- 2019-05-17 23:32:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/shopwarecreateinstancefromnamedargumentsrce.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...