| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.4.9 | 2.4.9 |
| moodle/moodle | composer | >= 2.5.0, < 2.5.5 | 2.5.5 |
| moodle/moodle | composer | >= 2.6.0, < 2.6.2 | 2.6.2 |

The vulnerability stems from missing capability checks in the main execution flow of the `chat_ajax.php` script. The patch added `require_login` and `require_capability` calls to enforce access control. In vulnerable versions, the absence of these checks meant the script did not re-validate permissions during ongoing sessions, which enabled the bypass. The file path and behavior align directly with the CVE description and with the commit diff, which shows the security checks being added to the script's top-level code.
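
The failure mode described above, as an added sketch that is not Moodle's code and not part of the original advisory: a simplified Python model in which access is checked once when the chat session is opened, compared with a request handler that re-checks on every call. The `Site` class, the capability name `chat:participate`, the session id format and the handler names are hypothetical; only the two check names mirror the `require_login` and `require_capability` calls named in the patch.

```python
from dataclasses import dataclass, field

CHAT_CAP = "chat:participate"  # hypothetical capability name, not from the advisory

class AccessDenied(Exception):
    pass

@dataclass
class Site:
    """Constructed stand-in for site state: logins, role grants, chat messages."""
    logged_in: set = field(default_factory=set)
    grants: set = field(default_factory=set)   # (user, capability) pairs
    messages: list = field(default_factory=list)

    def require_login(self, user):
        if user not in self.logged_in:
            raise AccessDenied(f"{user}: not logged in")

    def require_capability(self, user, cap):
        if (user, cap) not in self.grants:
            raise AccessDenied(f"{user}: missing {cap}")

def open_chat_session(site, user):
    """Chat entry page: checks access once, then hands out a chat session id."""
    site.require_login(user)
    site.require_capability(user, CHAT_CAP)
    return f"sid-{user}"

def ajax_poll_unpatched(site, sid):
    """Pre-patch shape: trusts the chat session id and performs no access checks."""
    return list(site.messages)

def ajax_poll_patched(site, sid, user):
    """Post-patch shape: re-validates login and capability on every request."""
    site.require_login(user)
    site.require_capability(user, CHAT_CAP)
    return list(site.messages)

def demo():
    site = Site(logged_in={"alice"}, grants={("alice", CHAT_CAP)}, messages=["hello"])
    sid = open_chat_session(site, "alice")
    site.grants.discard(("alice", CHAT_CAP))        # capability revoked mid-session
    site.messages.append("posted after revocation")
    leaked = ajax_poll_unpatched(site, sid)         # still returns every message
    try:
        ajax_poll_patched(site, sid, "alice")
        blocked = False
    except AccessDenied:
        blocked = True                              # per-request check rejects the poll
    return leaked, blocked

if __name__ == "__main__":
    print(demo())
```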