-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| october/cms | composer | <= 1.0.412 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper file type validation in Media Manager and Asset Manager components, as explicitly mentioned in October CMS's security advisory (RN-8). These controllers handle file uploads, and the CWE-434 classification indicates unrestricted dangerous file uploads. The functions responsible for upload processing in these components would logically contain the vulnerable validation logic. While exact code isn't available, the component-specific references and vulnerability pattern strongly implicate these handler functions.