-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| verbb/knock-knock | composer | < 1.2.8 | 1.2.8 |
PHPPHPMiggo AIRoot Cause AnalysisThe changelog explicitly states that version 1.2.8 added validation for the redirect parameter to prevent malicious redirection. This indicates the login handler previously accepted unvalidated redirect URLs from user input. The vulnerability pattern matches CWE-601 (Open Redirect) where untrusted URLs are used for redirection. While exact function names aren't visible in provided resources, Craft CMS's MVC architecture strongly suggests the vulnerability existed in the controller handling login redirection.
Ongoing coverage of React2Shell