Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| topthink/framework | composer | <= 6.0.13 | - |
The vulnerability arises from deserializing untrusted data that instantiates Psr6Cache with a malicious $pool. The __destruct method of Psr6Cache (if autosave is enabled) or framework logging workflows trigger the exploit chain. The injected think\log\Channel and think\log\driver\Socket objects configure a callable (Php::display) that executes arbitrary code. The PoC demonstrates this chain, and the advisory confirms the root cause as unsafe deserialization via Psr6Cache.