-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/cms | composer | >= 2.4.0, < 2.4.6 | 2.4.6 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from using PHP's native serialize()/unserialize() on user-controlled cookie data. The patch replaced these with JSON serialization (Convert::raw2json/json2array), confirming these functions were the root cause. unserialize() on untrusted input is a well-known anti-pattern (CWE-502), and the cookie data flow (user comment -> serialize() -> cookie -> unserialize()) creates an exploit chain. The direct correlation between the vulnerability description, CWE mapping, and patched functions provides high confidence.
PHPPHPOngoing coverage of React2Shell