CVE-2024-21665
CVE-2024-21665 affects Pimcore’s ecommerce-framework-bundle. An authenticated user without proper permissions can access the back-office orders list via the admin/ecommerceframework/admin-order/list endpoint, indicating insufficient access control. Root cause: lack of permission enforcement for t...