CVE-2021-23340
CVE-2021-23340 affects pimcore/pimcore pre-6.8.8 and is a Local File Inclusion in the downloadCsvAction of CustomReportController.php. An authenticated user can access /admin/reports/custom-report/download-csv?exportFile=[...] with an unsanitized exportFile parameter, enabling local file inclusio...