| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.2, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3, < 2.3.2-p1 | 2.3.2-p1 |

The vulnerability involves SQL injection via email templates, which are managed through Magento's email template resource model. The `loadByCode` method is a prime candidate because it loads a template based on a user-provided identifier. In unpatched versions, this method likely interpolated the user-controlled `template_code` value directly into raw SQL, allowing attackers to inject malicious SQL. The patch would have introduced parameterized queries or proper escaping in this method. Confidence is high because this pattern matches the described attack vector and Magento's typical resource model architecture.
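
The difference between the interpolated lookup and the parameterized one described above, as an added example (not Magento's source code and not taken from the patch). The in-memory table, the two function names and the sample inputs are constructed for illustration; only the `template_code` column name comes from the text.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for an email template store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE email_template (
    template_id INTEGER PRIMARY KEY, template_code TEXT, template_text TEXT)');
$db->exec("INSERT INTO email_template (template_code, template_text) VALUES
    ('order_new', 'Thanks for your order'),
    ('internal_draft', 'Not for display')");

// Unsafe pattern (hypothetical): the identifier is concatenated into the SQL
// text, so a quote in $code ends the string literal and the remainder of the
// input is parsed as SQL rather than compared as data.
function loadByCodeInterpolated(PDO $db, string $code): array
{
    $sql = "SELECT template_code FROM email_template WHERE template_code = '$code'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern (hypothetical): the SQL text is fixed and the identifier
// is sent as a bound value, so it can only ever be compared as a string.
function loadByCodeBound(PDO $db, string $code): array
{
    $stmt = $db->prepare(
        'SELECT template_code FROM email_template WHERE template_code = :code');
    $stmt->execute([':code' => $code]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary identifier and one containing a quote.
$inputs = ['order_new', "nope' OR '1'='1"];
foreach ($inputs as $code) {
    printf(
        "%-20s interpolated=%d row(s)  bound=%d row(s)\n",
        $code,
        count(loadByCodeInterpolated($db, $code)),
        count(loadByCodeBound($db, $code))
    );
}
```

For the quoted input, the interpolated lookup returns rows that do not match the requested code, while the bound lookup returns none. That divergence is what to test for when checking whether a lookup has actually been parameterized.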