cve/CVE-2024-21665.md at d9f6f5801b0d53c0ab1f613e250dc5a8a9a8f46f

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.

POC

Reference

https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf
https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf

Github

https://github.com/jiongle1/nvd-patch-getter

1012 B Raw Blame History

CVE-2024-21665

Description

POC

Reference

Github

1012 B

Raw Blame History