CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| craftcms/cms | composer | <= 3.0.34 | |
The vulnerability stems from unsanitized Twig template evaluation of the URI Format field. Craft CMS's `View::renderString()` is the primary Twig rendering function, and it would execute any user-provided template code (such as `{% ... %}` blocks) contained in that field. `Sites::saveSite()` is implicated because it processes the vulnerable URI Format input without neutralizing template syntax. The high confidence in `View::renderString()` comes from its direct role in template evaluation, while `Sites::saveSite()` has medium confidence because its input handling is inferred rather than shown by explicit code evidence.
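The pattern described above, as an added illustration that is not Craft CMS code: an admin-supplied URI Format evaluated as Twig source versus the same value passed to a fixed template as data, plus the kind of delimiter check a save path could apply. It assumes `twig/twig` is installed via Composer; the function names are hypothetical.

```php
<?php
// Added example (not Craft CMS code). Requires: composer require twig/twig
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Vulnerable pattern: the untrusted value becomes the template *source*, so any
// {% ... %} or {{ ... }} it contains is compiled and executed by Twig.
function renderUriFormatAsSource(Environment $twig, string $uriFormat): string
{
    return $twig->createTemplate($uriFormat)->render([]);
}

// Hardened pattern: the template is fixed and the untrusted value is a variable.
// Its braces are rendered literally (and HTML-autoescaped), never evaluated.
function renderUriFormatAsData(Environment $twig, string $uriFormat): string
{
    return $twig->createTemplate('{{ uriFormat }}')->render(['uriFormat' => $uriFormat]);
}

// Complementary input validation for the save path: refuse values that carry
// Twig variable, tag or comment delimiters instead of rendering them.
function containsTwigSyntax(string $value): bool
{
    return preg_match('/\{\{|\{%|\{#/', $value) === 1;
}

// Constructed sample value: a URI Format that embeds a (benign) Twig tag block.
$uriFormat = 'blog/{% set x = 1 %}{{ x }}';
$twig = new Environment(new ArrayLoader([]));

echo "as source: ", renderUriFormatAsSource($twig, $uriFormat), PHP_EOL; // blog/1
echo "as data:   ", renderUriFormatAsData($twig, $uriFormat), PHP_EOL;   // blog/{% set x = 1 %}{{ x }}
echo "rejected:  ", containsTwigSyntax($uriFormat) ? 'yes' : 'no', PHP_EOL; // yes
```

The first output line shows that the tag block was executed; the second shows the same string treated as inert data, which is the behaviour a URI Format field should have.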