-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability centers around improper handling of the 'user_id' parameter in SQL queries post-authentication. In PHP CMS architectures, user data retrieval functions like User::get in model classes (typically located in src/Model/) are common injection points when input sanitization is missing. The high confidence comes from: 1) The specific reference to 'user_id' as the injection vector 2) The CWE-89 classification 3) Common PHP CMS patterns where user management functions handle raw input 4) The post-login context aligning with user profile/management functionality.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| gilacms/gila | composer | <= 1.15.4 |