Basic Information

| Field | Value |
|---|---|
| CVSS Score | - |
| CVE ID | - |
| GHSA ID | - |
| EPSS Score | - |
| CWE | - |
| Published | - |
| Updated | - |
| KEV Status | - |
| Technology | - |
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.2.0, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.3 | 2.3.3 |
The vulnerability allows an authenticated user to delete arbitrary files through the design layout update feature. This matches the role of the DeleteAction controller in theme and file deletion: its execute() method takes a user-controlled theme ID that is mapped to a file system path. Because the theme_path parameter is not sanitized, an attacker can supply a value containing traversal sequences (such as ../) to step out of the intended directory and delete files the request should never be able to reach. The same pattern appears in earlier Magento path traversal issues in theme-handling components. Per the table above, the fix ships in magento/community-edition 2.2.10 for the 2.2.x line and 2.3.3 for the 2.3.x line; installations on earlier versions of either line should upgrade.
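To make the pattern concrete, the following is an added example written for this page, not Magento's own code: a minimal theme-file deletion handler in the vulnerable shape described above (request-controlled path concatenated onto the theme root and unlinked as-is), next to a hardened version that allow-lists the path syntax and then verifies, after realpath() canonicalisation, that the target stays inside the theme root. The function names, the sandbox layout under the system temp directory and the ../env.php payload are assumptions constructed for the demo.

```php
<?php
// Added example (not Magento code): vulnerable vs. hardened theme-file deletion.
// Function names, the temp-dir sandbox and the payload are assumptions for this demo.
declare(strict_types=1);

// Constructed sandbox: <base>/themes/<area>/<Vendor>/<theme>/theme.xml plus a
// sensitive file *outside* the theme root that a delete must never reach.
$base = sys_get_temp_dir() . '/theme_demo_' . bin2hex(random_bytes(4));
$themeRoot = $base . '/themes';
mkdir($themeRoot . '/frontend/Vendor/mytheme', 0700, true);
file_put_contents($themeRoot . '/frontend/Vendor/mytheme/theme.xml', '<theme/>');
file_put_contents($base . '/env.php', "<?php return ['db' => 'secret'];");

/**
 * Vulnerable shape: the request-controlled theme path is concatenated onto the
 * theme root and unlinked without any check. "../" segments walk out of the root.
 */
function deleteThemeFileVulnerable(string $themeRoot, string $themePath): bool
{
    return @unlink($themeRoot . '/' . $themePath);
}

/**
 * Syntactic allow-list: every segment must be a plain name. Empty segments,
 * '.', '..', NUL bytes and characters outside [A-Za-z0-9._-] are rejected.
 */
function isSafeRelativeThemePath(string $themePath): bool
{
    if ($themePath === '' || strpos($themePath, "\0") !== false) {
        return false;
    }
    foreach (explode('/', $themePath) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            return false;
        }
        if (!preg_match('/^[A-Za-z0-9._-]+$/', $segment)) {
            return false;
        }
    }
    return true;
}

/**
 * Hardened shape: allow-list the syntax, then canonicalise with realpath() and
 * require the resolved target to sit strictly under the resolved theme root.
 * The containment check also catches symlinks the syntactic filter cannot see.
 */
function deleteThemeFileHardened(string $themeRoot, string $themePath): bool
{
    if (!isSafeRelativeThemePath($themePath)) {
        throw new InvalidArgumentException("rejected theme path: $themePath");
    }
    $root = realpath($themeRoot);
    $target = realpath($themeRoot . '/' . $themePath);
    if ($root === false || $target === false) {
        return false; // nothing to delete
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("target escapes theme root: $target");
    }
    return unlink($target);
}

// Demo run: the traversal payload removes env.php through the vulnerable
// handler, is rejected by the hardened one, and a legitimate delete still works.
$payload = '../env.php';
printf("vulnerable handler removed env.php: %s\n",
    var_export(deleteThemeFileVulnerable($themeRoot, $payload), true));
file_put_contents($base . '/env.php', "<?php return ['db' => 'secret'];"); // restore for 2nd run
try {
    deleteThemeFileHardened($themeRoot, $payload);
} catch (InvalidArgumentException $e) {
    printf("hardened handler: %s\n", $e->getMessage());
}
printf("legitimate theme.xml removed: %s\n",
    var_export(deleteThemeFileHardened($themeRoot, 'frontend/Vendor/mytheme/theme.xml'), true));
```

Run it with `php demo.php`; it prints that the vulnerable handler returned true for ../env.php, that the hardened handler rejected the same input, and that the hardened handler still deleted the legitimate theme.xml. The two checks are deliberately layered: the allow-list rejects obvious traversal before any file system call, and the realpath() containment test covers what syntax alone cannot, such as a symlink inside the theme tree pointing outside it. More generally, a delete action should resolve an ID to a path on the server side rather than accept path fragments from the request at all.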