-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tcg/voyager | composer | <= 1.4.0 |
Miggo AIRoot Cause AnalysisThe vulnerability explicitly involves the media component's handling of .php files. In Laravel admin panels like Voyager, media upload functionality typically resides in a dedicated MediaController. The critical failure points would be: 1) Lack of proper file extension filtering for executable types (.php), and 2) Failure to set secure file permissions (like removing execute bits) after upload. The combination allows attackers to upload malicious PHP files that the web server will execute. While exact code isn't available, the pattern matches common file upload vulnerabilities in PHP applications where media handlers don't implement proper validation and permission management.
PHPPHPOngoing coverage of React2Shell