Shopware 5.3.3: PHP Object Instantiation to Blind XXE

Shopwareis a popular e-commerce software. It is based on PHP using technologies like Symfony 2, Doctrine and the Zend Framework. The code base of its open source community edition encompasses over 690,000 lines of code which we scanned for security vulnerabilities with our RIPS static code...

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

Who is affected Installations with following requirements are affected by this vulnerabilities: Shopware version = 5.3.3 and = 5.1 Impact - What can an attacker do In order to exploit the found vulnerabilities an attacker needs to be able to use the backend functionality of Shopware, specifically...