Vulnerability Details : CVE-2017-18357
Public exploit exists!
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2017-18357
- cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18357
33.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-18357
-
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
Disclosure Date: 2019-05-09First seen: 2020-04-26exploit/multi/http/shopware_createinstancefromnamedarguments_rceThis module exploits a php object instantiation vulnerability that can lead to RCE in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently pe
CVSS scores for CVE-2017-18357
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2017-18357
-
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18357
-
https://demo.ripstech.com/projects/shopware_5.3.3
100% RIPSThird Party Advisory
-
https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/
Shopware 5.3.3: PHP Object Instantiation to Blind XXEExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html
Shopware createInstanceFromNamedArguments PHP Object Instantiation ≈ Packet Storm
Jump to