The directory traversal vulnerability stemmed from insufficient input validation in the module parameter handling. The commit diff shows a security patch was added to the `setModule` function in `javascript.php`, introducing module validation via `FrontendModel::getModules()`. Before this patch, the function accepted any input (including `../` sequences) as the module name, which would be used to construct file paths. This matches the CWE-22 (Path Traversal) description and the vulnerability's technical details.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| forkcms/forkcms | composer | <= 3.2.4 | 3.2.5 |
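
The allowlist check described in the analysis above, sketched as an added example that is not Fork CMS source code. The standalone `getModules()` stand-in, the two `setModule*` function names, `MODULES_ROOT`, the `/js` path layout and the sample inputs are all assumptions made for illustration.

```php
<?php
// Added illustration; not Fork CMS source. Every name here except the idea of
// checking against getModules() is hypothetical, and all data is constructed.

const MODULES_ROOT = '/var/www/frontend/modules'; // hypothetical install path

/** Stand-in for FrontendModel::getModules(): the installed module names. */
function getModules(): array
{
    return ['blog', 'pages', 'search']; // constructed sample data
}

/** Pre-patch behaviour as described: any string becomes part of the path. */
function setModuleUnchecked(string $module): string
{
    return MODULES_ROOT . '/' . $module . '/js';
}

/** Patched behaviour as described: the value must be a known module name. */
function setModuleChecked(string $module): string
{
    // Strict comparison so type juggling cannot match a list entry.
    if (!in_array($module, getModules(), true)) {
        throw new InvalidArgumentException('Unknown module');
    }
    return MODULES_ROOT . '/' . $module . '/js';
}

// Constructed inputs: one valid name and two containing '../' sequences.
foreach (['blog', '../../library', 'blog/../../library'] as $input) {
    echo str_pad($input, 20), ' unchecked: ', setModuleUnchecked($input), PHP_EOL;
    try {
        echo str_pad('', 20), ' checked:   ', setModuleChecked($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo str_pad('', 20), ' checked:   rejected', PHP_EOL;
    }
}
```

Matching the whole value against a fixed list rejects traversal sequences without trying to strip or normalise them, so encoded or nested variants fail the same comparison.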