Description
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated but unauthorized user can access the back-office orders list and query the information returned. Access control and permissions are not enforced. This vulnerability has been patched in version 1.0.10.
References
- Issue Tracking
- Patch
- Release Notes
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.0.10 (excluding)
cpe:2.3:a:pimcore:e-commerce_framework:*:*:*:*:*:*:*:*
EPSS
Percentile: 0%
0.00006
Low
4.3 Medium
CVSS3
Weaknesses
CWE-284
NVD-CWE-Other
Related vulnerabilities
CVSS3: 4.3
github
about 2 years ago
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list