The vulnerability exists in the /admin/blocks/add endpoint. In MVC-based PHP CMSs such as Subrion, endpoint handlers are typically controller actions, so the 'add' functionality for blocks would logically be handled by an addAction method in the blocks controller. CSRF vulnerabilities in this context typically occur when the controller action fails to verify an anti-CSRF token before processing a state-changing request. No code diff is available, but the documented attack vector and industry-standard implementation patterns strongly indicate that the CSRF check is missing in this specific handler.
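A defender-side check that follows from this analysis, as an added example that is not part of the original advisory or of Subrion's code: it scans web access logs for POST requests to /admin/blocks/add whose Referer is missing or names another origin, the trace a cross-site submission to this handler would leave. The combined log format, the host name `cms.example.test` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions: Apache/nginx "combined" log format; SITE_HOST is a placeholder.
SITE_HOST = "cms.example.test"
TARGET_PATH = "/admin/blocks/add"  # endpoint named in the advisory

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line, site_host=SITE_HOST):
    """Return None for irrelevant or same-origin lines, else a finding dict."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None  # only state-changing submissions matter here
    if urlsplit(m["url"]).path.rstrip("/") != TARGET_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "no-referer"  # weaker signal: privacy settings also strip it
    else:
        ref_host = (urlsplit(referer).hostname or "").lower()
        if ref_host == site_host.lower():
            return None  # submitted from the site's own pages
        reason = "cross-origin"  # a page on another origin posted to the handler
    return {"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
            "reason": reason, "referer": referer}

def scan(lines, site_host=SITE_HOST):
    """Collect findings for every log line that classify() flags."""
    return [f for f in (classify(l, site_host) for l in lines) if f]

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '198.51.100.7 - admin [12/Mar/2024:10:01:02 +0000] "POST /admin/blocks/add/ HTTP/1.1" 302 512 "https://cms.example.test/admin/blocks/add/" "Mozilla/5.0"',
    '198.51.100.7 - admin [12/Mar/2024:10:07:40 +0000] "POST /admin/blocks/add/ HTTP/1.1" 302 512 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - admin [12/Mar/2024:10:09:11 +0000] "POST /admin/blocks/add/ HTTP/1.1" 302 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [12/Mar/2024:10:10:00 +0000] "GET /admin/blocks/add/ HTTP/1.1" 200 9000 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - admin [12/Mar/2024:10:11:30 +0000] "POST /admin/pages/add/ HTTP/1.1" 302 512 "https://other.example.net/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "no-referer" finding needs corroboration before it is treated as an incident, since browsers and proxies can legitimately omit the header.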
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | <= 4.0.5 | |