-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from the conditional logic in the can_process function. Before the patch, password length validation (strlen($_POST['password']) < 4) was only triggered when editing existing users (!$new). The commit modified the condition to 'if ($new || (!$new && ...))' to include new user creation flows. This directly matches the CWE-521 weakness description and the advisory's statement about missing strength checks for new accounts.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| notrinos/notrinos-erp | composer | < 0.7 | 0.7 |