Exploiting the vulnerability requires an authenticated user with export privileges who can manipulate file paths in export operations. Magento's export functionality in the ImportExport module is the logical attack surface. The primary suspect is the Export.execute() method, which handles export requests and file management. The AbstractSource::_deleteFile method is also implicated because it is part of export file lifecycle management. Both would need to process filenames without adequate path validation for traversal to be possible. Confidence is high for the controller method because it is directly exposed to HTTP requests, and medium for the model method because of its role in file operations.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.2.0, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2-p1 | 2.3.2-p1 |
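
The path validation the analysis finds missing can be sketched as a containment check on the resolved path. This is an added example, not Magento's code or its patch; `resolveExportPath`, the directory layout and the file names are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied export filename to a path inside $exportDir,
 * or throw if it would land anywhere else. Hypothetical helper, not Magento code.
 */
function resolveExportPath(string $exportDir, string $requested): string
{
    $base = realpath($exportDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('Export directory is missing');
    }
    // Reject empty names, NUL bytes and absolute paths before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        throw new InvalidArgumentException('Invalid export filename');
    }
    // realpath() collapses "../" and follows symlinks; false means nothing exists there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        throw new InvalidArgumentException('Export file not found');
    }
    // The trailing separator stops "/var/export_evil" from matching base "/var/export".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('Path escapes the export directory');
    }
    return $target;
}

// Constructed demo tree: one file inside the export directory, one outside it.
$root = sys_get_temp_dir() . '/export_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/export', 0700, true);
file_put_contents($root . '/export/catalog_product.csv', "sku,name\n");
file_put_contents($root . '/secret.txt', "outside\n");

foreach (['catalog_product.csv', '../secret.txt', 'sub/../../secret.txt', '/etc/passwd'] as $name) {
    try {
        echo $name, ' => ', resolveExportPath($root . '/export', $name), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $name, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}

// Remove the constructed demo tree.
unlink($root . '/export/catalog_product.csv');
unlink($root . '/secret.txt');
rmdir($root . '/export');
rmdir($root);
```

The same resolved path should be used for every later operation on the file (read, download, delete), so that the check and the use cannot disagree.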