Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2019-12799 In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch. | CVSS3: 8.8 | 29% Medium | more than 6 years ago |
| GHSA-rf8f-hqjv-986p Shopware Insecure Deserialization Vulnerability | CVSS3: 8.8 | 29% Medium | more than 3 years ago |