-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 7.0.2 | 7.0.2 |
Miggo AIRoot Cause AnalysisThe vulnerability occurs in two key points: 1) The admin panel (security_file.php) allowed unrestricted modification of the antivirus command/parameters via GETPOST('none'), which preserves dangerous characters. 2) The getCliCommand method in AntiVir.class.php combined these raw parameters into a system command executed via exec(). The patch added dol_string_nospecial sanitization in security_file.php and parameter filtering in getCliCommand, confirming both locations were vulnerable. The chain of unsanitized input storage (CWE-862) and insecure command construction (CWE-78) enabled RCE.