| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | >= 3.0.0, < 4.3.5 | 4.3.5 |
| silverstripe/admin | composer | < 1.3.5 | 1.3.5 |
| silverstripe/framework | composer | >= 4.4.0-rc1, < 4.4.4 | 4.4.4 |

The vulnerability stems from the inclusion of a vulnerable third-party SWF file (clipboard.swf) in the web-accessible directories of silverstripe/framework (3.x) and silverstripe/admin (pre-1.3.5). This file was part of the jstree library's demo/documentation files. The exploit does not involve a specific PHP function's input handling, but rather the presence of an insecure static asset. The fix involved removing these files entirely (as seen in the commit diff removing thirdparty/jstree). No Silverstripe PHP functions were directly implicated in the vulnerability; the issue was the exposure of a legacy Flash component.
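Because the fix is a file removal rather than a code change, a site is worth checking two ways: the installed versions against the ranges in the table, and the web root for any Flash file left behind. The following Python check is an added example, not code from Silverstripe or from this advisory; the function names and the sample lock data are constructed for illustration.

```python
import os
import re

# Vulnerable ranges copied from the table above: (package, low inclusive, high exclusive).
RANGES = [
    ("silverstripe/framework", "3.0.0", "4.3.5"),
    ("silverstripe/framework", "4.4.0-rc1", "4.4.4"),
    ("silverstripe/admin", "0", "1.3.5"),
]
_STAGE = {"alpha": 0, "beta": 1, "rc": 2}  # pre-releases sort below the final release (3)

def vkey(version):
    """Turn '4.4.0-rc1' or 'v4.3.4' into a sortable tuple; raise ValueError otherwise."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:-?(alpha|beta|rc)\.?(\d*))?", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    return (tuple(nums[:4]), _STAGE.get(m.group(2), 3), int(m.group(3) or 0))

def vulnerable_packages(lock):
    """Return (name, version, status) for packages in a parsed composer.lock that need attention."""
    hits = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name, version = pkg.get("name"), pkg.get("version", "")
        spans = [(lo, hi) for n, lo, hi in RANGES if n == name]
        if not spans:
            continue
        try:
            v = vkey(version)
        except ValueError:  # e.g. a dev branch alias: cannot be compared, review by hand
            hits.append((name, version, "unparsed"))
            continue
        if any(vkey(lo) <= v < vkey(hi) for lo, hi in spans):
            hits.append((name, version, "vulnerable"))
    return hits

def leftover_swf(webroot):
    """List .swf files still present under webroot (the fix deleted thirdparty/jstree)."""
    found = []
    for dirpath, _dirs, files in os.walk(webroot):
        found += [os.path.join(dirpath, f) for f in files if f.lower().endswith(".swf")]
    return sorted(found)

# Constructed sample standing in for json.load() of a real composer.lock.
SAMPLE_LOCK = {"packages": [
    {"name": "silverstripe/framework", "version": "4.4.0-rc1"},
    {"name": "silverstripe/admin", "version": "1.3.5"},
    {"name": "silverstripe/cms", "version": "4.4.4"}]}
```

A patched version number does not prove the file is gone if the web root was deployed by copying over an older tree, which is why the file walk is run separately from the version check.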