CVE-2021-23405

Summary

This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.

Affected Software

VendorProductVersion RangeStatus
n/apimcore/pimcoreunspecified < 10.0.7affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References