| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| contao/core | composer | >= 3.4.0, < 3.4.4 | 3.4.4 |
| contao/core | composer | >= 2.0.0, < 3.2.19 | 3.2.19 |
The vulnerability stemmed from unvalidated 'node' parameters in the backend breadcrumb functions. These functions passed the user-controlled 'node' value to filesystem operations without first checking it for path traversal, which enabled directory traversal. The patch added Validator::isInsecurePath() checks to exactly these functions, confirming that they were the attack vectors; because the commit diff fixes them explicitly, confidence in this root-cause assessment is high.
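The fix pattern described above, as an added example that is not Contao's own code: a hypothetical breadcrumb resolver that refuses a user-controlled 'node' value before it reaches any filesystem operation. The isInsecurePath() below is our own illustration of a dot-segment check and does not reproduce Contao's Validator::isInsecurePath(); DEMO_ROOT and the sample node values are constructed.

```php
<?php
declare(strict_types=1);

// Constructed project root for the demonstration (not a real deployment path).
const DEMO_ROOT = '/var/www/contao';

// Normalise separators so that "a\..\b" and "a//../b" are seen the same way.
function normalizePath(string $path): string
{
    $path = str_replace('\\', '/', $path);
    return preg_replace('#/+#', '/', $path);
}

// Illustrative traversal check: true when any path segment is "." or "..".
// Same intent as the check the patch added, not its exact implementation.
function isInsecurePath(string $path): bool
{
    foreach (explode('/', normalizePath($path)) as $segment) {
        if ($segment === '..' || $segment === '.') {
            return true;
        }
    }
    return false;
}

// Hardened breadcrumb resolver (hypothetical): validates "node" first and
// returns null on rejection. The pre-patch code path skipped this check and
// used the value directly, which is what made traversal possible.
function resolveBreadcrumbNode(string $node): ?string
{
    if ($node === '' || isInsecurePath($node)) {
        return null;
    }
    $clean = ltrim(normalizePath($node), '/');
    return DEMO_ROOT . '/' . $clean;
}

// Constructed sample "node" values as they might arrive in a request.
$samples = ['files/images', '../../etc', 'files/..\\..\\etc', 'files//docs'];
foreach ($samples as $node) {
    $result = resolveBreadcrumbNode($node);
    printf("%-20s => %s\n", $node, $result ?? 'rejected');
}
```

Run with `php resolver.php`; a rejection is logged by the caller as a suspicious request, since a legitimate breadcrumb never needs a dot segment in its node.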