The vulnerability documentation explicitly identifies `getTemporaryFileName` as the entry point, and the patch adds `basename()` sanitization to `$suggestedFileName`. This matches the classic path traversal pattern, in which user input is not properly normalized before it is used in filesystem operations. Because the function creates temporary files from a user-influenced path, it directly enables the attack vector described.
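
The pattern described above, as an added example that is not oro/platform's code: a suggested file name joined to a temp directory as-is, next to a hardened form that applies `basename()` and rejects degenerate names. The function names, the temp directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not the oro/platform implementation.

/** Unsafe pattern: the suggested name is appended to the temp dir unchanged. */
function unsafeTemporaryFileName(string $tmpDir, string $suggestedFileName): string
{
    return rtrim($tmpDir, '/') . '/' . $suggestedFileName;
}

/** Hardened pattern: keep only the last path component, then validate it. */
function safeTemporaryFileName(string $tmpDir, string $suggestedFileName): string
{
    // basename() only splits on "/" on Linux, so treat "\" as a separator too.
    $name = basename(str_replace('\\', '/', $suggestedFileName));
    // basename('..') is still '..'; replace degenerate names with a random one.
    if ($name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        $name = bin2hex(random_bytes(8));
    }
    return rtrim($tmpDir, '/') . '/' . $name;
}

/** Resolve "." and ".." segments lexically, without touching the disk. */
function normalizePath(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($out); continue; }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

/** True when $path resolves to a location strictly inside $tmpDir. */
function staysInside(string $tmpDir, string $path): bool
{
    return strpos(normalizePath($path), normalizePath($tmpDir) . '/') === 0;
}

$tmpDir  = '/var/tmp/app';                                  // constructed
$samples = ['report.csv', '../../outside/target.txt', 'a/b/../../../x.txt', '..'];
foreach ($samples as $s) {
    printf("%-26s unsafe_inside=%-5s safe_inside=%s\n", $s,
        var_export(staysInside($tmpDir, unsafeTemporaryFileName($tmpDir, $s)), true),
        var_export(staysInside($tmpDir, safeTemporaryFileName($tmpDir, $s)), true));
}
```

Only `report.csv` stays inside the temp directory with the unsafe helper; with the hardened helper every sample does.
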
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| oro/platform | composer | >= 4.1.0, <= 4.1.13 | |
| oro/platform | composer | >= 4.2.0, <= 4.2.10 | |
| oro/platform | composer | >= 5.0.0, < 5.0.8 | 5.0.8 |