mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 02:45:46 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2019-0344
&color=blue)
Description
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
POC
Reference
No PoCs from references.
Github
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet