CVSS Score
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| backdrop/backdrop | composer | <= 1.22.0 | |
The vulnerability lies in the theme installation functionality, where ZIP file processing lacks proper validation. The key functions would be those handling 1) the theme installation entry point (backdrop_theme_install) and 2) the form submission handler for theme uploads (system_theme_install_submit). These functions likely process user-uploaded ZIP files without checking for dangerous file types (such as .php), allowing arbitrary files to be written to the themes directory. The high confidence comes from the CWE-434 mapping and from the attack vector description, which shows unvalidated theme package processing.
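As an added illustration of the missing check (example code, not Backdrop's own fix or API), the validator below inspects a theme ZIP before extraction and rejects entries whose name carries a PHP-executable suffix, including multi-extension names such as `logo.php.png`. It also rejects entries that would escape the theme directory, a standard hardening step the advisory does not describe. The suffix list and the allowance for a single root-level `template.php` (the file in which themes of this kind ship their hook code) are assumptions of this example, not a policy stated on the page.

```python
import io
import posixpath
import zipfile

# Suffixes a typical PHP web server will execute. Hypothetical policy for this
# example; a real project's list may differ.
EXECUTABLE_SUFFIXES = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
# Assumption: a theme legitimately ships hook code in template.php at its root,
# so that one name is allowed there and every other executable name is rejected.
ALLOWED_CODE_FILES = {"template.php"}


def _looks_executable(path: str) -> bool:
    """Conservative check: every dotted segment after the first counts, so
    'shell.php.txt' is rejected too (some mod_php setups execute such names)."""
    parts = posixpath.basename(path).lower().split(".")
    return any(seg in EXECUTABLE_SUFFIXES for seg in parts[1:])


def find_theme_package_violations(zip_bytes: bytes) -> list:
    """Return (entry_name, reason) pairs that must block installation.
    An empty list means the archive passed this policy."""
    violations = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            norm = posixpath.normpath(name.replace("\\", "/"))
            # Zip-slip guard: absolute paths or '..' climbing out of the root.
            if name.startswith(("/", "\\")) or norm.split("/")[0] == "..":
                violations.append((name, "path escapes theme directory"))
                continue
            if info.is_dir():
                continue
            at_theme_root = norm.count("/") <= 1  # 'theme/file' or 'file'
            allowed = posixpath.basename(name) in ALLOWED_CODE_FILES and at_theme_root
            if _looks_executable(name) and not allowed:
                violations.append((name, "executable file type in theme package"))
    return violations


def build_sample_archive() -> bytes:
    """Constructed sample: a plausible theme plus one disguised PHP entry
    and one entry that would extract outside the themes directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mytheme/mytheme.info", "name = My Theme\n")
        zf.writestr("mytheme/css/style.css", "body { color: #333; }\n")
        zf.writestr("mytheme/template.php", "<?php // legitimate theme hooks\n")
        zf.writestr("mytheme/images/logo.php.png", "placeholder, not an image")
        zf.writestr("../../sites/default/stray.txt", "placeholder")
    return buf.getvalue()
```

Running `find_theme_package_violations(build_sample_archive())` flags the disguised PHP entry and the traversal entry while accepting the root-level `template.php` and the ordinary theme assets.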