The vulnerability chain requires two components: 1) a storage mechanism that accepts dangerous payloads (the `phrases/add/` endpoint), and 2) an export mechanism that fails to escape them (`languages/download/`). The proof-of-concept shows direct manipulation of phrase values and CSV output generation. In MVC frameworks like Subrion, these endpoints would map to controller actions that handle user input and CSV generation respectively. The root issues are the lack of output encoding in CSV generation and the lack of input validation in phrase creation.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | = 4.2.1 | |
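
The export-side weakness described above, shown next to an output-encoded version. This is an added example, not Subrion's code: `neutralize_cell` and `export_phrases_csv` are hypothetical helpers, the phrase data is constructed, and it assumes the dangerous payloads are spreadsheet formulas (cells beginning with `=`, `+`, `-` or `@`).

```php
<?php
declare(strict_types=1);

// Leading characters that make a spreadsheet evaluate a cell as a formula.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

/**
 * Output encoding for one CSV cell: a value that starts with a formula
 * trigger gets a leading single quote so spreadsheets render it as text.
 * Side effect: legitimate values such as "-5" are also prefixed.
 */
function neutralize_cell(string $value): string
{
    if ($value !== '' && in_array($value[0], FORMULA_TRIGGERS, true)) {
        return "'" . $value;
    }
    return $value;
}

/**
 * Hypothetical export action: writes phrase key/value pairs as CSV.
 * With $harden = false it reproduces the unescaped behaviour.
 */
function export_phrases_csv(array $phrases, bool $harden): string
{
    $out = fopen('php://memory', 'w+');
    fputcsv($out, ['key', 'value'], ',', '"', '\\');
    foreach ($phrases as $key => $value) {
        $row = [(string) $key, (string) $value];
        if ($harden) {
            $row = array_map('neutralize_cell', $row);
        }
        // fputcsv handles quoting of commas and quotes, not formula triggers.
        fputcsv($out, $row, ',', '"', '\\');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample phrases: one ordinary value, one formula-style value.
$phrases = ['welcome' => 'Hello, world', 'footer' => '=1+1'];

echo "--- unescaped export ---\n", export_phrases_csv($phrases, false);
echo "--- hardened export ---\n", export_phrases_csv($phrases, true);
```

Encoding at export time protects rows already stored in the database; validating phrase values when they are created is a second layer, not a substitute.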