The vulnerability stems from improper neutralization of browser information (CWE-74) stored in session values. The Joomla security advisory explicitly states that browser information was not filtered when it was stored in the session. Session initialization typically handles the User-Agent header, and PHP's `unserialize()` operating on attacker-controlled data leads to object injection. The patched version 1.3.1 would have added filtering in this initialization path, consistent with the vulnerability pattern of unsafe session data handling.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| joomla/session | composer | < 1.3.1 | 1.3.1 |
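
To check whether a project is pinned to an affected release, the following added example (not part of the advisory or of Joomla's code) reads a `composer.lock` and compares the locked `joomla/session` version against the first patched version from the table above. The function names and the sample lock file are constructed for illustration.

```python
import json
import re

PACKAGE = "joomla/session"   # package name from the advisory table
FIRST_PATCHED = (1, 3, 1)    # first patched version from the advisory table

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "joomla/session", "version": "1.3.0"},
        {"name": "example/other", "version": "2.0.0"},
    ],
    "packages-dev": [{"name": "joomla/session", "version": "dev-master"}],
})

def parse_version(raw):
    """Return ((major, minor, patch), is_prerelease); (None, False) for refs like dev-master."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(-.+)?", raw.strip())
    if not m:
        return None, False
    nums = tuple(int(p or 0) for p in m.groups()[:3])
    return nums, m.group(4) is not None

def check_lock(lock_text):
    """Classify every locked joomla/session entry as vulnerable, patched or unknown."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver, pre = parse_version(raw)
            if ver is None or (pre and ver == FIRST_PATCHED):
                # Branch aliases and pre-releases of the fixed version need manual review.
                status = "unknown"
            elif ver < FIRST_PATCHED:
                status = "vulnerable"
            else:
                status = "patched"
            findings.append((section, raw, status))
    return findings

if __name__ == "__main__":
    for section, version, status in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version} ({section}): {status}")
```

Entries reported as `unknown` (branch aliases such as `dev-master`, or a pre-release of 1.3.1) cannot be compared numerically and should be resolved to a commit and reviewed by hand.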