Moderate severity · GHSA Advisory · Published Jan 15, 2019 · Updated Aug 5, 2024
CVE-2017-18357
Description
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| shopware/shopware (Packagist) | < 5.3.4 | 5.3.4 |
References
- github.com/advisories/GHSA-6m27-7cqj-2mxw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-18357 (ghsa, ADVISORY)
- packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html (ghsa, x_refsource_MISC, WEB)
- blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe (ghsa, WEB)
- blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/ (mitre, x_refsource_MISC)
- demo.ripstech.com/projects/shopware_5.3.3 (ghsa, x_refsource_MISC, WEB)