| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| october/october | composer | <= 1.0.412 | 1.0.413 |
The vulnerability stems from insecure file type validation in the Media Manager. The commit diff and the advisory explicitly describe switching from a blacklist to a whitelist approach to fix CWE-434 (Unrestricted Upload of File with Dangerous Type). Before the patch, the MediaManager::validateFileName function in the affected file contained the blacklist logic, so any file whose type was not on the blocked list could be uploaded, including dangerous ones. Confidence is high because the patch notes and the security advisory refer directly to the Media Manager's validation changes.
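To make the blacklist-versus-whitelist distinction concrete, here is an added illustrative example in Python (not OctoberCMS code; the extension lists and file names are constructed): a blacklist check accepts anything it does not name, while a whitelist check accepts only what it names.

```python
# Added example (not OctoberCMS code): blacklist vs whitelist extension checks
# for uploads, the pattern behind CWE-434 fixes. Lists are constructed.
import os
from typing import Dict, Iterable, List, Tuple

BLOCKED_EXTENSIONS = {"php", "exe", "sh"}            # constructed blacklist
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}  # constructed whitelist


def _extension(file_name: str) -> str:
    """Return the lowercase final extension of the base name, or '' if none."""
    _, ext = os.path.splitext(os.path.basename(file_name))
    return ext.lstrip(".").lower()


def is_allowed_blacklist(file_name: str, blocked: Iterable[str] = BLOCKED_EXTENSIONS) -> bool:
    """Vulnerable pattern: reject only extensions on a fixed list.

    Anything the list does not mention is accepted, so the check is only as
    good as the list's completeness, and it silently accepts names with no
    extension or with path components.
    """
    return _extension(file_name) not in set(blocked)


def is_allowed_whitelist(file_name: str, allowed: Iterable[str] = ALLOWED_EXTENSIONS) -> bool:
    """Fixed pattern: accept only a plain file name with a known-safe extension.

    Rejects path components, empty names, and any extension not explicitly
    allowed; unknown types fail closed instead of open.
    """
    base = os.path.basename(file_name)
    if base != file_name or base in ("", ".", ".."):
        return False
    ext = _extension(base)
    return ext != "" and ext in set(allowed)


def compare(file_names: List[str]) -> Dict[str, Tuple[bool, bool]]:
    """Map each name to (blacklist verdict, whitelist verdict) for side-by-side review."""
    return {n: (is_allowed_blacklist(n), is_allowed_whitelist(n)) for n in file_names}
```

Running `compare` over a mixed batch shows where the two policies diverge: only names the blacklist happens to list are rejected by it, whereas the whitelist rejects every unknown type, extension-less name, and path-bearing name.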