Unvalidated Parameter in ClassificationstoreController Class in pimcore/pimcore
CVE-2021-23405 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.
Learn more about our Web Application Penetration Testing UK.