The vulnerability leverages email template hierarchy to manipulate interceptor classes. The `Template::getProcessedTemplate` method processes user-configurable template parameters, which could be abused to inject malicious class references. The `Interceptor::generate` method dynamically creates proxy classes, and if attacker-controlled input influences the generated class name or logic, it enables RCE. These functions are central to the described attack vector involving email templates and interceptor class manipulation.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.2.0, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2-p1 | 2.3.2-p1 |
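
To check an installation against the ranges in the table, the following added example (not part of the original advisory or of Magento's code) reads a `composer.lock` and applies Composer's ordering, in which a `-pN` patch suffix sorts above the plain release, so `2.3.2` is affected while `2.3.2-p1` is not. It assumes the package is listed in the lock file under the name the table uses; `parse`, `is_vulnerable`, `check_lock` and the sample lock data are illustrative names and constructed input.

```python
import json
import re

# Ranges from the advisory table: (first affected, first patched).
AFFECTED = [("2.2.0", "2.2.10"), ("2.3.0", "2.3.2-p1")]
PACKAGE = "magento/community-edition"  # assumption: name as shown in the table


def parse(version):
    """Turn '2.3.2-p1' into a sortable tuple (2, 3, 2, 1, 1).

    Composer ranks a '-pN' patch suffix above the plain release, while
    alpha/beta/RC suffixes rank below it. Unknown formats raise ValueError.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-(p|patch|rc|beta|alpha)(\d*))?",
                     version.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    tag = (m.group(4) or "").lower()
    rank = {"alpha": -3, "beta": -2, "rc": -1, "": 0, "p": 1, "patch": 1}[tag]
    return (major, minor, patch, rank, int(m.group(5) or 0))


def is_vulnerable(version):
    """True if the version falls inside any affected range of the table."""
    v = parse(version)
    return any(parse(lo) <= v < parse(hi) for lo, hi in AFFECTED)


def check_lock(lock_text, package=PACKAGE):
    """Return (version, vulnerable) for the package in a composer.lock, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == package:
            return pkg["version"], is_vulnerable(pkg["version"])
    return None


# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/framework", "version": "102.0.2"},
    {"name": PACKAGE, "version": "2.3.2"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A generic semver comparison would treat `-p1` as a pre-release and report `2.3.2-p1` as older than `2.3.2`, which inverts the result for exactly the patched build.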