Search the Community
Showing results for tags 'shopware'.
-
Shopware version 5.5.6 suffers from multiple cross site scripting vulnerabilities. View the full article
-
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3. View the full article
-
- shopware
- createinstancefromnamedarguments
-
(and 3 more)
Tagged with: