Описание
SQL injection in pimcore/pimcore
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.0.7
10.0.7
Связанные уязвимости
CVSS3: 8.3
nvd
больше 4 лет назад
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.