CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ec-cube/ec-cube | composer | >= 2.11.0, <= 2.17.1 | 2.17.2 |
The patch diff shows two changes: a mode check (`'delete'`) added to the deletion handler, and CSRF protection implied by the use of a `transactionid`. Before the patch, the code processed deletion requests without verifying that an authenticated user had intentionally submitted them, which is what makes the endpoint vulnerable to CSRF. The JavaScript change that adds `transactionid` to the request indicates that the server side did not validate a CSRF token before the patch.