| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| total4 | npm | = 12.0 | |

The vulnerability stems from missing authorization checks in API endpoints. The reproduction steps demonstrate exploitation via a POST to `/admin/api/pages/preview/`, which indicates that this endpoint lacks privilege validation. The CWE-862 classification confirms that this is an authorization bypass issue. The exact code isn't available, but the endpoint structure and CMS architecture suggest that the preview functionality in the pages API controller is vulnerable. Front-end path checks (`/admin/notices/`) are properly enforced, but API counterparts like this endpoint are not.
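
The pattern described above, modelled as an added example in plain Node.js: this is not code from total4 or from the advisory, and the route table, permission names and user objects are assumptions made for illustration. It puts a dispatcher that validates privilege on UI paths only beside a deny-by-default one, and includes a regression check that lists routes reachable without the required permission.

```javascript
// Added illustration; NOT Total.js CMS code. The route table, permission
// names and user objects are constructed for this example.
const routes = [
  { method: 'GET',  path: '/admin/notices/',           needs: 'notices' },
  { method: 'POST', path: '/admin/api/pages/preview/', needs: 'pages' },
];

// Stand-in for the real route handlers.
const handler = (route) => ({ status: 200, body: `handled ${route.path}` });

// Flawed pattern (CWE-862): privilege is validated for UI paths only, so any
// authenticated user reaches the handlers under /admin/api/.
function dispatchUiOnlyCheck(user, method, path) {
  const route = routes.find((r) => r.method === method && r.path === path);
  if (!route) return { status: 404 };
  if (!user) return { status: 401 };
  const isApi = path.startsWith('/admin/api/');
  if (!isApi && !user.permissions.includes(route.needs)) return { status: 403 };
  return handler(route);
}

// Hardened pattern: one deny-by-default check in front of every route, so the
// UI and API code paths cannot drift apart. A route with no declared
// permission is refused rather than left open.
function dispatchEnforced(user, method, path) {
  const route = routes.find((r) => r.method === method && r.path === path);
  if (!route) return { status: 404 };
  if (!user) return { status: 401 };
  if (!route.needs || !user.permissions.includes(route.needs)) return { status: 403 };
  return handler(route);
}

// Regression check: every route this user reaches without holding its permission.
function unauthorizedReach(dispatch, user) {
  return routes
    .filter((r) => !user.permissions.includes(r.needs))
    .filter((r) => dispatch(user, r.method, r.path).status === 200)
    .map((r) => `${r.method} ${r.path}`);
}

const lowPrivUser = { name: 'editor', permissions: [] }; // constructed account
console.log('UI-only check:', unauthorizedReach(dispatchUiOnlyCheck, lowPrivUser));
console.log('enforced:     ', unauthorizedReach(dispatchEnforced, lowPrivUser));
```

Run as part of a test suite, a non-empty result from `unauthorizedReach` flags an endpoint whose authorization check is missing.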