| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| froxlor/froxlor | composer | < 0.9.40 | 0.9.40 |

The primary vulnerability stems from `admin_domains.php` calling `unserialize()` directly on `$_POST['ssl_ipandport']`, as explicitly called out in CVE-2018-1000527. Confidence is high for three reasons: 1) the vulnerability description specifically mentions this parameter; 2) the patch replaces `unserialize` with `json_decode` at this location; 3) PHP Object Injection requires `unserialize` to be called on untrusted data. The secondary finding in `customer_extras.php` shows a broader pattern of insecure deserialization, but with lower confidence because it requires more steps to exploit.
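
The difference between the two parsing calls is shown below as an added example; it is not Froxlor's code or the actual patch. The `Probe` class, the function names and the sample inputs are constructed for illustration, and the assumption that the field holds a list of numeric IDs is mine.

```php
<?php
// Constructed stand-in for any application class that defines a magic method.
// It is not a Froxlor class.
class Probe
{
    public static bool $woken = false;

    public function __wakeup(): void
    {
        // Invoked by unserialize() itself, before the caller can validate anything.
        self::$woken = true;
    }
}

// "Before" pattern named in the advisory: unserialize() on a request value.
function parseUnsafe(string $raw)
{
    return unserialize($raw);
}

// "After" pattern: json_decode() with $assoc = true yields only scalars,
// arrays and null, so no class code runs while parsing.
// Assumption: the field is a list of numeric IDs; anything else is dropped.
function parseSafe(string $raw): array
{
    $decoded = json_decode($raw, true);
    if (!is_array($decoded)) {
        return [];
    }
    $ids = [];
    foreach ($decoded as $value) {
        if (is_int($value) || (is_string($value) && ctype_digit($value))) {
            $ids[] = (int) $value;
        }
    }
    return $ids;
}

// Constructed inputs standing in for $_POST['ssl_ipandport'].
$objectInput = serialize(new Probe()); // serialized object instead of a list
$listInput   = json_encode([3, 7]);    // the shape the patched code expects

parseUnsafe($objectInput);
var_dump(Probe::$woken);               // did __wakeup() run during parsing?

Probe::$woken = false;
var_dump(parseSafe($objectInput));     // serialized data is not valid JSON
var_dump(Probe::$woken);               // did any class code run this time?
var_dump(parseSafe($listInput));
```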