2 matches found
Improper Access Control
oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...
OroCRMCallBundle has incorrect call view page visibility
Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks...