Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
The critical vulnerability stems from missing brute force protection in the 2FA verification endpoint. Commit 9f2d075 adds a BruteforceProtectionHandler to twoFactorAuthenticationAction, explicitly introducing attempt tracking and protection checks on that code path. The pre-patch absence of these checks in this authentication flow directly matches CWE-307 (Improper Restriction of Excessive Authentication Attempts). The UserController.php changes in the same commit (CSRF removal) are unrelated to the core brute force vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | < 6.2.2 | 6.2.2 |