CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | <= 4.2.1 | |
The vulnerability stems from improper deserialization of user-controlled input in the 'subpages' parameter. The exploit requires sending serialized data to the blocks/edit endpoint, where it is processed by unserialize() in admin/blocks.php. This matches the PHP object injection pattern in which unserialize() is called on untrusted data (CWE-502). The proof-of-concept demonstrates direct manipulation of the serialized data leading to file deletion, confirming the insecure use of unserialize().
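The unsafe pattern the advisory describes, next to the hardened form a maintainer would reach for, as an added illustration that is not Subrion's code. The function names, the assumed layout of the 'subpages' value (a flat list of identifier strings) and the sample payloads are assumptions made for the example.

```php
<?php
// Added illustration of the CWE-502 pattern above; not code from Subrion.
// Function names, the assumed 'subpages' layout and the payloads are constructed.

// Vulnerable shape: the raw request parameter reaches unserialize(), so any
// class on the autoload path with a magic method (__wakeup, __destruct, ...)
// can be instantiated by the sender of the request.
function loadSubpagesUnsafe(string $raw)
{
    return unserialize($raw);
}

// Shared validation (assumed format): a list of non-empty identifier strings.
function validateSubpageList($data): ?array
{
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $key => $value) {
        // Any object, nested array or __PHP_Incomplete_Class fails is_string().
        if (!is_int($key) || !is_string($value)) {
            return null;
        }
        if (!preg_match('/^[A-Za-z0-9_\-\/]{1,64}$/', $value)) {
            return null;
        }
    }
    return array_values($data);
}

// Hardened shape 1: keep unserialize() but forbid class instantiation
// (PHP >= 7.0). Objects in the payload become __PHP_Incomplete_Class and no
// constructor, __wakeup or __destruct of an application class ever runs.
function loadSubpagesSafe(string $raw): ?array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return validateSubpageList($data);
}

// Hardened shape 2 (preferred): replace the PHP serializer with JSON, which
// carries no class information at all, so there is nothing to instantiate.
function loadSubpagesJson(string $raw): ?array
{
    $data = json_decode($raw, true, 2);
    return validateSubpageList($data);
}

// Constructed inputs: a benign list, and a payload that smuggles an object
// into the list. stdClass is used here only as a harmless stand-in.
$benign  = serialize(['home', 'about-us']);
$hostile = 'a:1:{i:0;O:8:"stdClass":0:{}}';

var_dump(loadSubpagesSafe($benign));   // array(2) { "home", "about-us" }
var_dump(loadSubpagesSafe($hostile));  // NULL: the object is rejected
var_dump(loadSubpagesJson('["home","about-us"]')); // array(2)
var_dump(loadSubpagesJson($hostile));  // NULL: not valid JSON
```

The PHP manual's own guidance is that untrusted input should not reach unserialize() regardless of the options passed, so the allowed_classes variant is a stop-gap for code that cannot change its wire format yet; switching the parameter to JSON removes the class of bug rather than narrowing it. For detection, a request to an admin endpoint whose parameter value begins with `O:` or contains `O:<n>:"` is a simple, low-noise indicator that an object is being sent where a plain list is expected.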