CVE-2024-21665

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...

CVE-2024-21665 Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...

PT-2024-19007 · Pimcore · Pimcore Ecommerce Framework Bundle

Name of the Vulnerable Software and Affected Versions: Pimcore Ecommerce Framework Bundle versions prior to 1.0.10 Description: The issue allows an authenticated and unauthorized user to access the back-office orders list and query over the information returned due to a lack of enforced access...

Authorization

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the downloadorderdetaillist, changeorderlist, and downloadmemberlist functions called via admininit hooks in versions up to, and including, 2.2.7. This makes it possible for...