CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| gilacms/gila | composer | <= 1.11.4 | |
The PoC demonstrates a CSRF attack vector targeting '/cm/update_rows/user' to create admin accounts via POST parameters. CSRF vulnerabilities typically occur when state-changing endpoints lack anti-CSRF protections like token validation. The absence of CSRF tokens in the PoC's payload and the demonstrated impact (privilege escalation) strongly indicate the update_rows handler in the UserController is missing CSRF safeguards.
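The mitigation the paragraph points to, a synchronizer token checked before any state change, as an added illustration. This is example code written for this page, not Gila CMS code; the function names (csrf_issue_token, csrf_validate, handle_update_rows) and the csrf_token field name are assumptions, and the request arrays are constructed for the demo.

```php
<?php
// Added example, not Gila CMS code. Synchronizer-token pattern for a
// state-changing endpoint; all names below are assumptions for this demo.

// Issue a per-session token, creating one if the session has none yet.
// The token is rendered into same-origin forms as a hidden field; a
// cross-site page cannot read it, so its forged POST will lack it.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Validate a state-changing request: the token must be present in the
// POST body and match the session copy. hash_equals gives a
// constant-time comparison.
function csrf_validate(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied) || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied);
}

// Hypothetical row-update handler: refuse the request before anything is
// written when the token check fails, then apply the update otherwise.
function handle_update_rows(array $session, array $post, callable $apply): array
{
    if (!csrf_validate($session, $post)) {
        return ['status' => 403, 'body' => 'CSRF token missing or invalid'];
    }
    $apply($post);
    return ['status' => 200, 'body' => 'ok'];
}

// Demo with constructed data: one session, a recorder standing in for the
// database write.
$session = [];
$token   = csrf_issue_token($session);
$updates = [];
$apply   = function (array $fields) use (&$updates) { $updates[] = $fields; };

// Forged cross-site POST: the browser attaches the session cookie, but the
// form carries no csrf_token field, so the update is rejected.
$forged = handle_update_rows($session, ['username' => 'demo', 'role' => 'admin'], $apply);

// Legitimate same-origin form: includes the token rendered into the page.
$legit = handle_update_rows(
    $session,
    ['username' => 'demo', 'role' => 'admin', 'csrf_token' => $token],
    $apply
);

printf(
    "forged request: %d, legitimate request: %d, rows updated: %d\n",
    $forged['status'],
    $legit['status'],
    count($updates)
);
```

The check runs before the handler touches any row, which is the property that matters: a missing or mismatched token must short-circuit the request rather than being logged after the write. Setting the session cookie with a SameSite attribute is a useful second layer, but it does not replace the token check, since older browsers and some cross-site navigations still attach cookies.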