| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | composer | >= 4.9.0, < 4.9.5 | 4.9.5 |
| phpmyadmin/phpmyadmin | composer | >= 5.0.0, < 5.0.2 | 5.0.2 |

The vulnerability manifests in username handling during account management operations. Both files mentioned in the advisories (Privileges.php and UserPassword.php) contain user management functionality. The SQL injection occurs when:

1. Retrieving user context for privilege operations
2. Processing the username during password changes

The commits 89fbcd7c and 3258978c likely added proper escaping/parameterization for username values in SQL queries. High confidence comes from explicit file references in multiple sources and the nature of the described attack vectors (privilege/password operations).
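
To check a deployment against the affected ranges in the table above, the following added example (not code from phpMyAdmin or from the advisory) reads a `composer.lock` document and flags `phpmyadmin/phpmyadmin` entries that fall in those ranges. The sample lock content is constructed, and treating a pre-release of a first patched version as vulnerable is a conservative assumption made here.

```python
import json

# Ranges from the advisory table: (inclusive lower bound, first patched version).
VULNERABLE_RANGES = [((4, 9, 0), (4, 9, 5)), ((5, 0, 0), (5, 0, 2))]
PACKAGE = "phpmyadmin/phpmyadmin"


def parse_version(text):
    """Split '4.9.4', 'v5.0.1' or '5.0.2-rc1' into (numeric tuple, is_prerelease)."""
    core, sep, _ = text.strip().lstrip("vV").partition("-")
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts]
    nums += [0] * (3 - len(nums))  # pad '4.9' to (4, 9, 0)
    return tuple(nums), bool(sep)


def is_vulnerable(version_text):
    """True if the version lies in a listed range (assumption: a pre-release
    of a first patched version is treated as still vulnerable)."""
    version, prerelease = parse_version(version_text)
    return any(low <= version < fixed or (version == fixed and prerelease)
               for low, fixed in VULNERABLE_RANGES)


def audit_composer_lock(lock_text):
    """Return [(version, status)] for each phpMyAdmin entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        if entry.get("name", "").lower() != PACKAGE:
            continue
        version = entry.get("version", "")
        try:
            status = "vulnerable" if is_vulnerable(version) else "outside listed ranges"
        except ValueError:
            status = "unknown"  # e.g. dev-master: review by hand
        findings.append((version, status))
    return findings


# Constructed sample input; 'example/other-package' is a hypothetical name.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "phpmyadmin/phpmyadmin", "version": "4.9.4"},
    {"name": "example/other-package", "version": "1.0.0"}], "packages-dev": []})

if __name__ == "__main__":
    for found_version, found_status in audit_composer_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {found_version}: {found_status}")
```

Versions that cannot be parsed, such as branch aliases, are reported as `unknown` rather than silently passed.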