CVE-2024-21665

Vulnerability Description

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.

Vulnerability Details

Published Date

January 11, 2024

Last Modified

November 21, 2024

Source

NVD

CVE-2024-21665

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment