-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability stems from insufficient validation during module upload processing. Key functions would be: 1) The module upload handler that accepts ZIP files without proper content inspection, and 2) The ZIP extraction routine that writes files to server directories without filtering PHP extensions. These functions combined allow attackers to deploy arbitrary PHP code via crafted modules. The CWE-94 classification confirms this is a code injection scenario through uncontrolled file generation.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| genix/cms | composer | = 1.1.4 |
Ongoing coverage of React2Shell