-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| SSCMS | nuget | <= 6.15.51 |
Miggo AIRoot Cause AnalysisThe vulnerability manifests in the API endpoint /api/pages/cms/libraryText/list where user-controlled input ('keyword' parameter) is directly injected into SQL queries. The provided exploit demonstrates SQL injection via the 'keyword' parameter containing a malicious payload. This indicates the handler function for this endpoint fails to use parameterized queries or proper input sanitization. The CWE-89 classification and exploit POC both confirm classic SQL injection patterns through unsanitized user input in database operations.
C#C#KEV Misses 88% of Exploited CVEs- Get the report