| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.5.9 | 2.5.9 |
| moodle/moodle | composer | >= 2.6.0, < 2.6.6 | 2.6.6 |
| moodle/moodle | composer | >= 2.7.0, < 2.7.3 | 2.7.3 |
The vulnerability arises from the unvalidated use of the 'delete' parameter in mod/wiki/admin.php. The original code directly called wiki_delete_pages($context, $delete, $page->subwikiid) without verifying that the page ID ($delete) belonged to the same subwiki as the current page ($page->subwikiid). The patch introduced a check using wiki_get_page($delete) to validate the subwiki ID, confirming that the vulnerability stemmed from missing authorization checks in this specific code path. The lack of validation in the deletion workflow made the function vulnerable to cross-subwiki page deletion.
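The missing check and its corrected form, as an added example that is not Moodle's code: a small in-memory model in which the page data and the names `model_get_page`, `delete_unchecked` and `delete_checked` are hypothetical stand-ins for the lookup and deletion calls named above.

```php
<?php
// Added illustration: in-memory model of the check, not Moodle source.
// Constructed sample data: two pages in subwiki 1, one page in subwiki 2.
$pages = [
    10 => ['id' => 10, 'subwikiid' => 1, 'title' => 'Group A notes'],
    11 => ['id' => 11, 'subwikiid' => 1, 'title' => 'Group A draft'],
    20 => ['id' => 20, 'subwikiid' => 2, 'title' => 'Group B notes'],
];

// Hypothetical stand-in for looking a page up by its id.
function model_get_page(array $pages, int $id): ?array {
    return $pages[$id] ?? null;
}

// Pattern described as vulnerable: the id from the request is deleted
// without comparing its subwiki to the one being administered.
function delete_unchecked(array &$pages, int $delete, int $currentSubwiki): bool {
    unset($pages[$delete]);
    return true;
}

// Pattern described as the fix: load the target page first and refuse
// unless it belongs to the subwiki the current page belongs to.
function delete_checked(array &$pages, int $delete, int $currentSubwiki): bool {
    $target = model_get_page($pages, $delete);
    if ($target === null || $target['subwikiid'] !== $currentSubwiki) {
        return false; // unknown page, or page owned by another subwiki
    }
    unset($pages[$delete]);
    return true;
}

// The current page is in subwiki 1; the request names page 20 (subwiki 2).
$a = $pages;
delete_unchecked($a, 20, 1);
echo 'unchecked, foreign page 20: ', isset($a[20]) ? 'kept' : 'deleted', "\n";

$b = $pages;
$refused = !delete_checked($b, 20, 1);
echo 'checked, foreign page 20: ', isset($b[20]) ? 'kept' : 'deleted',
     $refused ? ' (refused)' : '', "\n";

// A page that really is in subwiki 1 is still deletable through the checked path.
delete_checked($b, 11, 1);
echo 'checked, own page 11: ', isset($b[11]) ? 'kept' : 'deleted', "\n";
```

The comparison has to use the subwiki of the loaded target page, not a value supplied with the request, since a value taken from the request can simply be set to match.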