The vulnerability description explicitly identifies the '/module/softwareupdate/get_tab_data/' endpoint's 'last' parameter as the injection vector. The module's security patch (v1.6) and associated release notes confirm SQL injection fixes. While the exact code isn't visible, the pattern matches classic SQL injection vulnerabilities where user input is directly concatenated into SQL queries. The endpoint handler in softwareupdate_controller.php would logically be responsible for processing this parameter and executing database operations.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| munkireport/softwareupdate | composer | < 1.6 | 1.6 |
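
A check for the affected range in the table above, as an added example (not code from the advisory or from the MunkiReport project): it reads a `composer.lock` and reports whether `munkireport/softwareupdate` is locked below 1.6. The lock-file content is constructed sample input, and the function names are illustrative.

```python
import json
import re

PACKAGE = "munkireport/softwareupdate"  # package name from the advisory table
FIRST_PATCHED = (1, 6)                  # first patched version from the table

# Constructed sample input: a minimal composer.lock, not from a real install.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "munkireport/softwareupdate", "version": "v1.5"},
        {"name": "munkireport/reportdata", "version": "v2.4"},
    ],
    "packages-dev": [],
})


def parse_version(text):
    """Return a tuple of ints for tags like 'v1.5' or '1.6.0', else None."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        return None  # e.g. 'dev-master': no comparable release number
    return tuple(int(part) for part in match.group(1).split("."))


def check_lock(lock_text):
    """Classify the locked module: vulnerable, patched, unknown or absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            version = parse_version(pkg.get("version", ""))
            if version is None:
                return "unknown"  # branch alias; inspect the commit manually
            # Pad short versions so (1,) is compared as (1, 0).
            padded = version + (0,) * (len(FIRST_PATCHED) - len(version))
            return "vulnerable" if padded < FIRST_PATCHED else "patched"
    return "absent"


if __name__ == "__main__":
    print(PACKAGE, "->", check_lock(SAMPLE_LOCK))
```

An `unknown` result means the lock file pins a branch rather than a tagged release, so the installed commit has to be compared against the 1.6 release by hand.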