Showing 1 - 5 of 5

Files

Shopware 3.5 SQL Injection: Posted Jul 14, 2012; Authored by Kataklysmos; Shopware version 3.5 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 5a6df1b8bd0a494ca93cc2d947cf380ac0ddc0a03aa982f3f7ca4cdd7b20e18c; Download | Favorite | View

Related Files

Shopware 5.5.6 Cross Site Scripting: Posted May 31, 2019; Authored by Daniel Bishtawi | Site netsparker.com; Shopware version 5.5.6 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2019-12935; SHA-256 | eb25c1077ef6a645db6b377e7b7a016595162543b874efa6accee2d46294a0ee; Download | Favorite | View

Shopware createInstanceFromNamedArguments PHP Object Instantiation: Posted May 22, 2019; Authored by mr_me, Karim Ouerghemmi | Site metasploit.com; This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.; tags | exploit, remote, arbitrary, php, code execution; advisories | CVE-2017-18357; SHA-256 | 663b17e7e771b4cd3b76f4e9be53f77eb788f99d74c6047ec270aeb991f94fd8; Download | Favorite | View

Shopware 5.3.7 Cross Site Request Forgery: Posted Mar 13, 2018; Site redteam-pentesting.de; Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart.; tags | exploit, csrf; SHA-256 | 0c973cc0b8b396e326136493e77ee67e1e021b531a57d187e3ca1760ce5aca8a; Download | Favorite | View

Shopware 5.2.5 / 5.3 Cross Site Scripting: Posted Jan 20, 2018; Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com; Shopware versions 5.2.5 and 5.3 suffer from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | b471a5e256c97126390d22fa59933bf0e16731fcf8c452be780c45afc132dd47; Download | Favorite | View

Shopware Remote Code Execution: Posted Apr 23, 2016; Authored by David Vieira-Kurz; Shopware versions prior to 5.1.5 suffer from a remote code execution vulnerability.; tags | advisory, remote, code execution; advisories | CVE-2016-3109; SHA-256 | 8ed34df1b1c5c4feb506c2ffe5618e3c1345315775fedc648d88ef2fcbe643b1; Download | Favorite | View

Page 1 of 1 Back 1 Next