-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| idno/known | composer | <= 1.3.1 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper SVG validation in isSVG(). The function's original implementation (pre-patch) only checked for '.svg' file extensions rather than validating actual content. The researcher blog shows attackers could upload SVG files containing <script> tags or PHP code. The GitHub commit adds isFileFreeFromScriptTags() to address this, confirming the lack of content validation in the original isSVG() implementation. CWE-79 classification and CVE description both point to improper input neutralization in web content generation via SVG processing.
Ongoing coverage of React2Shell