-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper ACL enforcement when backend controllers are accessed via specific URL patterns. The root cause likely involves: (1) The preDispatch method in backend controllers (where ACL checks are typically enforced) failing to handle non-standard controller/action parameter formats, allowing bypass via crafted URLs. (2) The ACL system's controller/action resolution logic not properly normalizing input parameters, causing mismatches between requested resources and permission checks. The high confidence in AbstractController::preDispatch stems from its role as the primary ACL enforcement point, while the medium confidence in Acl::isAllowed reflects potential normalization flaws in permission mapping.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| shopware/shopware | composer | <= 5.7.14 | 5.7.15 |
Ongoing coverage of React2Shell