Lucene search
Veracode Vulnerability DatabaseVERACODE:20546HistoryJun 14, 2019 - 3:53 a.m.
Unsafe Deserialization
2019-06-1403:53:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.333 Low
EPSS
Percentile
97.1%
shopware/shopware is vulnerable to XML external entity attacks via unsafe deserialization. The sort parameter in the function loadPreviewAction() in the Shopware_Controllers_Backend_ProductStream controller is not validated before PHP object instantiation is performed, which would allow an attacker to perform XXE attacks via a malicious SimpleXMLElement object. This CVE is a bypass of the fix in CVE-2017-18357.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | 5.6.x-dev |
Related
osv
osv
Shopware Insecure Deserialization Vulnerability
2022-05-24 16:48:00
Shopware XXE Vulnerability
2022-05-14 01:00:48
cvelist
cvelist
CVE-2019-12799
2019-06-13 19:18:41
CVE-2017-18357
2019-01-15 16:00:00
prion
prion
Deserialization of untrusted data
2019-06-13 20:29:00
Design/Logic Flaw
2019-01-15 16:29:00
cve
cve
CVE-2019-12799
2019-06-13 20:29:00
CVE-2017-18357
2019-01-15 16:29:00
github
github
Shopware Insecure Deserialization Vulnerability
2022-05-24 16:48:00
Shopware XXE Vulnerability
2022-05-14 01:00:48
nvd
nvd
CVE-2019-12799
2019-06-13 20:29:00
CVE-2017-18357
2019-01-15 16:29:00
zdt
zdt
packetstorm
packetstorm
Shopware createInstanceFromNamedArguments PHP Object Instantiation
2019-05-22 00:00:00
veracode
veracode
Unsafe Deserialization
2019-01-16 05:56:27