| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1.0, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2.0, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2 | 2.3.2 |

The vulnerability is in WYSIWYG image handling, where insufficient input validation allows path traversal. Magento's WYSIWYG directive processing (particularly for media/images) is a prime candidate for the affected code: the Directives controller and template filter components are core to WYSIWYG content rendering and have historically been prone to path traversal issues when processing encoded URLs. Exact patch details are unavailable, but these components align with the described vulnerability mechanics and with Magento's security bulletin references.