-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| quickapps/cms | composer | = 2.0.0-beta2 |
Miggo AIRoot Cause AnalysisThe vulnerability manifests in the user creation endpoint's handler function. The provided PoC demonstrates successful admin account creation via a simple POST request without CSRF tokens. In MVC architectures, this would correspond to a controller action (likely add() in UserManageController) that failed to implement CSRF protection decorators/annotations or token validation checks before processing sensitive user creation operations.