Shopware 5.3.3: PHP Object Instantiation to Blind XXE
8 Nov 2017, by Karim El Ouerghemmi
Shopware is popular e-commerce software. Within only 4 minutes, RIPS discovered two vulnerabilities in its code, which is based on Symfony, Doctrine and the Zend Framework. In this blog post we investigate the exploitation of one of these: a rare PHP object instantiation vulnerability (CVE-2017-18357).