Improper Authorization

shopware/core is vulnerable to Improper Authorization.The vulnerability is due to media visibility restrictions not being enforced on aggregation API requests, which allows an attacker with low-privilege backend access to bypass authorization checks using crafted aggregation queries and disclose...