| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| facturascripts/facturascripts | composer | < 2022.08 | 2022.08 |
The vulnerability stems from the password check in newUserPassword(), where the user-supplied 'fsDbPasswd' value was compared with FS_DB_PASS using the loose '==' operator. PHP's loose comparison applies type coercion, so values that are not identical can still compare equal (e.g., '0e12345' == 0 is true because the string is read as the number zero). The patch changes this check to strict comparison ('==='), which confirms this as the vulnerable code path. Because the function is part of the password reset logic, bypassing this check directly enables account takeover.
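The following is an added illustration of the loose-versus-strict check described above; it is not FacturaScripts code. Only the names FS_DB_PASS, fsDbPasswd and newUserPassword() and the '0e12345' case come from the advisory; the constant's value, the helper functions and the sample inputs are constructed assumptions.

```php
<?php
// Constructed example: loose vs. strict password comparison in PHP.
// Assumption: the secret is a string of the form "0e<digits>", which PHP
// treats as a numeric string equal to float zero. This is what makes
// the loose comparison in a check like newUserPassword() dangerous.
declare(strict_types=1);

define('FS_DB_PASS', '0e12345'); // constructed value, not a real secret

// Vulnerable form (before 2022.08): '==' lets PHP coerce both operands.
function passwordMatchesLoose(mixed $fsDbPasswd): bool
{
    return $fsDbPasswd == FS_DB_PASS;
}

// Patched form: '===' requires identical type and value.
function passwordMatchesStrict(mixed $fsDbPasswd): bool
{
    return $fsDbPasswd === FS_DB_PASS;
}

// Further hardening (an assumption, not part of the advisory's patch):
// hash_equals() only accepts strings and compares in constant time,
// so it also closes the timing side channel of a plain string compare.
function passwordMatchesConstantTime(mixed $fsDbPasswd): bool
{
    return is_string($fsDbPasswd) && hash_equals(FS_DB_PASS, $fsDbPasswd);
}

// Constructed request values: the real secret, the integer 0 from the
// advisory's '0e12345' == 0 example, and another zero-like numeric
// string. Only the first should ever be accepted.
$inputs = [
    'exact secret'           => '0e12345',
    'integer zero'           => 0,
    'other zero-like string' => '0e99999',
];

foreach ($inputs as $label => $value) {
    printf(
        "%-24s loose=%-5s strict=%-5s hash_equals=%s\n",
        $label,
        var_export(passwordMatchesLoose($value), true),
        var_export(passwordMatchesStrict($value), true),
        var_export(passwordMatchesConstantTime($value), true)
    );
}
```

Run under PHP 8 (the `mixed` type requires it); the loose check accepts all three constructed inputs, while the strict and hash_equals() checks accept only the exact secret.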