Security Advisory

CVE-2017-18357

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-01-15 16:00:00

Last updated 2024-08-05 21:20:50

Assigner mitre

State PUBLISHED

Description

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.

← Browse all CVEs View on cve.org ↗