| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| DotNetNuke.Core | nuget | < 9.11.0 | 9.11.0 |
| DotNetNuke.Web | nuget | < 9.11.0 | 9.11.0 |

The vulnerability stems from unsanitized user input in path construction: both functions incorporated user-provided filenames directly into filesystem paths, which matches CWE-23's relative path traversal pattern. The patch adds `Path.GetFileName()` to both methods to prevent traversal, and the commit diff explicitly shows these as the patched locations.
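
The pattern described above, shown as an added C# example that is not code from DNN or from the patch: an unsanitized path build beside one that applies `Path.GetFileName()`. The class, method and folder names are hypothetical, and the containment check after `Path.GetFileName()` goes beyond what the advisory describes.

```csharp
using System;
using System.IO;

// Added illustration; class, method and folder names are hypothetical, not DNN's.
public static class PathTraversalDemo
{
    // Before: the user-supplied name is joined to the base folder as-is, so
    // "../" segments (or a rooted path, which Path.Combine returns unchanged)
    // resolve outside the folder.
    public static string BuildPathUnsafe(string baseDir, string userFileName)
    {
        return Path.GetFullPath(Path.Combine(baseDir, userFileName));
    }

    // After: keep only the last path component, then confirm containment.
    public static string BuildPathSafe(string baseDir, string userFileName)
    {
        string leaf = Path.GetFileName(userFileName);
        // GetFileName("..") returns ".." and GetFileName("dir/") returns "".
        if (string.IsNullOrWhiteSpace(leaf) || leaf == "." || leaf == "..")
            throw new ArgumentException("No usable file name.", nameof(userFileName));

        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, leaf));
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Path escapes base directory.");
        return full;
    }

    public static void Main()
    {
        string baseDir = Path.Combine(Path.GetTempPath(), "portal-uploads"); // constructed
        // Constructed inputs. Backslashes are separators on Windows only.
        string[] samples = { "report.pdf", "../../web.config", "..\\..\\web.config", "..", "" };
        foreach (string name in samples)
        {
            Console.WriteLine("input : {0}", name);
            Console.WriteLine("unsafe: {0}", BuildPathUnsafe(baseDir, name));
            try { Console.WriteLine("safe  : {0}", BuildPathSafe(baseDir, name)); }
            catch (Exception ex) { Console.WriteLine("safe  : rejected ({0})", ex.GetType().Name); }
        }
    }
}
```

`Path.GetFileName()` alone still returns `..` for the input `..`, which is why the safe variant rejects dot names and re-checks the resolved path against the base directory.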