-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| shopware/shopware | composer | <= 5.7.14 | 5.7.15 |
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability describes exposure of sensitive customer data in backend responses. In MVC architectures, controller actions handling data retrieval are primary suspects. The Customer backend controller's detail action would be responsible for fetching/returning customer records. The patch notes mention explicitly unsetting sensitive fields, which aligns with common fixes for CWE-200 exposures. While exact code isn't available, the pattern matches common sensitive data exposure vulnerabilities where controllers return full model data without field filtering.
Ongoing coverage of React2Shell