-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nukeviet/nukeviet | composer | >= 4.0.10, < 4.3.08 | 4.3.08 |
Miggo AIRoot Cause AnalysisThe vulnerability documentation explicitly identifies the 'topicsid' parameter in modules/news/admin/addtotopics.php as the injection vector. The changelog for patched version 4.3.08 specifically mentions fixing this module, and SQL injection (CWE-89) typically indicates direct user input interpolation in SQL queries. While exact function names aren't provided, the file path and parameter are clearly specified across multiple authoritative sources (CVE, GHSA, vendor advisory).