Lucene search
Veracode Vulnerability DatabaseVERACODE:13237HistoryJan 16, 2019 - 5:56 a.m.
Unsafe Deserialization
2019-01-1605:56:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.333 Low
EPSS
Percentile
97.1%
shopware/shopware is vulnerable to XML external entity attacks via unsafe deserialization. The sort parameter in the function loadPreviewAction() in the Shopware_Controllers_Backend_ProductStream controller is not validated before PHP object instantiation is performed, which would allow an attacker to perform XXE attacks via a malicious SimpleXMLElement object.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | le | 5.3.3 |
Related
prion
prion
Design/Logic Flaw
2019-01-15 16:29:00
Deserialization of untrusted data
2019-06-13 20:29:00
nvd
nvd
CVE-2017-18357
2019-01-15 16:29:00
CVE-2019-12799
2019-06-13 20:29:00
zdt
zdt
github
github
Shopware XXE Vulnerability
2022-05-14 01:00:48
Shopware Insecure Deserialization Vulnerability
2022-05-24 16:48:00
cve
cve
CVE-2017-18357
2019-01-15 16:29:00
CVE-2019-12799
2019-06-13 20:29:00
packetstorm
packetstorm
Shopware createInstanceFromNamedArguments PHP Object Instantiation
2019-05-22 00:00:00
osv
osv
Shopware XXE Vulnerability
2022-05-14 01:00:48
Shopware Insecure Deserialization Vulnerability
2022-05-24 16:48:00
cvelist
cvelist
CVE-2017-18357
2019-01-15 16:00:00
CVE-2019-12799
2019-06-13 19:18:41
veracode
veracode
Unsafe Deserialization
2019-06-14 03:53:18