| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| froxlor/froxlor | composer | < 0.10.14 | 0.10.14 |

The vulnerability stems from the original implementation of the `_createUserdataConf` function, which used a hardcoded temporary filename. The GitHub patch changes the function to call `tempnam()` so that the filename is unpredictable, directly addressing CWE-20 (Improper Input Validation) by removing the reliance on a static path. The vulnerability description explicitly names this function as the root cause, and the commit diff confirms that the insecure pattern was present in its code path.
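
The pattern described above, as an added PHP illustration that is not froxlor's code or the actual patch: a fixed temporary filename beside a `tempnam()`-based replacement. The function names, the `conf_` prefix, the fixed filename and the sample data are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Weak pattern (shown for contrast): a fixed name in a shared directory.
// The path is predictable, so the write goes through whatever already
// exists there, including a file or link placed by another local account.
function writeConfFixedName(string $data): string
{
    $path = sys_get_temp_dir() . '/example_userdata.conf'; // hypothetical fixed name
    file_put_contents($path, $data);
    return $path;
}

// Hardened pattern: tempnam() creates the file itself under a unique name
// with mode 0600, so the path cannot be prepared in advance.
function writeConfTempnam(string $data, string $dir): string
{
    $path = tempnam($dir, 'conf_');
    if ($path === false) {
        throw new RuntimeException('tempnam() failed');
    }
    // tempnam() falls back to the system temp dir when $dir is unusable;
    // treat that as an error instead of writing to an unexpected location.
    if (realpath(dirname($path)) !== realpath($dir)) {
        unlink($path);
        throw new RuntimeException("temp file was not created in $dir");
    }
    if (file_put_contents($path, $data, LOCK_EX) !== strlen($data)) {
        unlink($path);
        throw new RuntimeException('short write to temp file');
    }
    return $path;
}

// Constructed sample input; the caller removes the file when done.
$conf = "[client]\nuser=example\n";
$path = writeConfTempnam($conf, sys_get_temp_dir());
try {
    printf("%s mode=%o\n", $path, fileperms($path) & 0777);
} finally {
    unlink($path);
}
```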