The vulnerability stems from improper input validation of the menu parameter. The commit diff shows that the critical fix was adding the 'aZ09' filter to GETPOST('menu'), which restricts the value to alphanumerics and underscores. Without this filter, an attacker could supply malicious values (such as '../../' path segments or other special characters) to load an unauthorized menu handler. The CWE-863 classification confirms this is an authorization bypass via uncontrolled input, tied directly to the unfiltered GETPOST usage.
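The following is an added illustration, not code from Dolibarr or from the commit, showing what difference the 'aZ09' filter makes to the menu parameter. The function names, the base directory and the sample request values are assumptions; the regex mirrors the behaviour the paragraph describes (alphanumerics and underscores only).

```php
<?php
// Added example (not Dolibarr's own code). Stand-ins for GETPOST('menu')
// before and after the fix, plus a hypothetical handler resolver, so the
// effect of the 'aZ09' check can be seen on constructed input.

// Mimics the 'aZ09' check: keep the value only if it is [a-z0-9_], else ''.
function filterAZ09(string $value): string
{
    return preg_match('/^[a-z0-9_]+$/i', $value) === 1 ? $value : '';
}

// Hypothetical stand-in for GETPOST('menu') before the fix: raw pass-through.
function getMenuParamUnfiltered(array $request): string
{
    return $request['menu'] ?? '';
}

// Hypothetical stand-in for GETPOST('menu', 'aZ09') after the fix.
function getMenuParamFiltered(array $request): string
{
    return filterAZ09($request['menu'] ?? '');
}

// Hypothetical resolver: builds the handler path from the menu name.
// Returns null when the name was rejected, so nothing gets loaded.
// With the unfiltered value, a '../' sequence escapes $baseDir.
function resolveMenuHandler(string $menu, string $baseDir = '/app/core/menus'): ?string
{
    if ($menu === '') {
        return null;
    }
    return $baseDir . '/' . $menu . '.php';
}

// Constructed sample requests: a legitimate handler name and a traversal attempt.
$samples = [
    ['menu' => 'standard_menu'],
    ['menu' => '../../some/other/file'],
];

foreach ($samples as $req) {
    $before = resolveMenuHandler(getMenuParamUnfiltered($req));
    $after  = resolveMenuHandler(getMenuParamFiltered($req));
    printf("input=%-26s before=%-45s after=%s\n",
        var_export($req['menu'], true),
        var_export($before, true),
        var_export($after, true));
}
```

For the traversal sample the unfiltered path leaves the menu directory, while the filtered variant yields null and no handler is loaded; a regression test for the fix can assert exactly that pair of outcomes.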
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 12.0.0 | 12.0.0 |