2 matches found
CVE-2021-23405
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class...
CVE-2021-23405
CVE-2021-23405 affects pimcore/pimcore before 10.0.7. Multiple connected sources confirm an SQL injection caused by missing validation on the storeId parameter in ClassificationstoreController’s collectionsActionGet and groupsActionGet. Impact is high (CVSSv3.1: 8.8) with network access and no us...