Basic Information

- CVSS Score: -
- CVE ID: CVE-2020-13868
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| verbb/comments | composer | < 1.5.5 | 1.5.5 |
The vulnerability stems from missing CSRF protection on a state-changing action. The changelog for 1.5.5 explicitly mentions fixing a CSRF issue in the comment trashing mechanism. Prior to that release, the trash action (likely handled by actionTrash in CommentsController) accepted requests without validating a CSRF token, so a request forged from a third-party page could trash comments using the victim's authenticated session. Other actions, such as flagging and voting, were only later restricted to POST requests in 1.6.0; the CVE-2020-13868 fix in 1.5.5 specifically addresses the trash action, which is therefore identified as the primary vulnerable function with high confidence based on the patch notes.
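The following is an added illustrative example and not code from verbb/comments or Craft CMS; it sketches, in a Craft/Yii-style controller, the unprotected shape the record describes beside a hardened version. The class and action names, the `commentId` body parameter and the `trashComment()` service call are assumptions chosen for the illustration; `requirePostRequest()`, `requireLogin()`, `validateCsrfToken()` and `getRequiredBodyParam()` are existing Craft/Yii APIs.

```php
<?php
// Added example (not plugin code). Names marked "assumed" are not from the record.
namespace app\controllers; // assumed namespace

use Craft;
use craft\web\Controller;
use yii\web\BadRequestHttpException;

class CommentsController extends Controller // assumed class name
{
    /**
     * "Before" shape described by the advisory text: the action accepts any
     * request, with no method restriction and no CSRF token check, so the
     * browser's ambient session cookie alone authorises a state change.
     */
    public function actionTrashUnprotected(): void
    {
        $commentId = Craft::$app->getRequest()->getParam('commentId'); // assumed param
        $this->trashComment((int)$commentId);
    }

    /**
     * Hardened shape: state changes only over POST, by an authenticated user,
     * with an explicitly validated CSRF token. With enableCsrfValidation on
     * (Yii's default), Yii already rejects a POST without a valid token before
     * the action runs; the explicit check below keeps the guard visible even
     * if that setting is turned off for the controller.
     */
    public function actionTrash(): void
    {
        $this->requirePostRequest(); // Craft: throws on anything but POST
        $this->requireLogin();       // Craft: anonymous requests are refused

        $request = Craft::$app->getRequest();
        if (!$request->validateCsrfToken()) {
            throw new BadRequestHttpException('Invalid CSRF token.');
        }

        // Body params only: the identifier is not read from the query string.
        $commentId = (int)$request->getRequiredBodyParam('commentId'); // assumed param
        $this->trashComment($commentId);
    }

    /** Placeholder for the plugin's own trash logic (assumed). */
    private function trashComment(int $commentId): void
    {
        // Authorization (ownership / permission) would also be checked here.
    }
}
```

On the template side, a Craft form targeting the hardened action sends the token with `{{ csrfInput() }}` inside a POST form; a plain link or GET request to the action now fails with a 400 instead of trashing the comment.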