Unvalidated Parameter in ClassificationstoreController Class in pimcore/pimcore

Unvalidated Parameter in ClassificationstoreController Class in pimcore/pimcore

CVE-2021-23405 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.

Learn more about our Web Application Penetration Testing UK.