-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.2.0, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2-p1 | 2.3.2-p1 |
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability involves a race condition during the import file upload process, leading to webserver configuration modification. The Uploader::move() method is responsible for moving uploaded files to their destination. If this method does not use atomic operations or proper file locking, an attacker with admin import privileges can exploit the timing window to replace the file with a malicious configuration, triggering RCE. This aligns with the CWE-362 race condition description and the attack vector described in the advisory.
Ongoing coverage of React2Shell