| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| feehi/cms | composer | <= 2.1.1 | |

The vulnerability is at `/web/admin/index.php?r=log/view-layer`, where the `id` parameter is reflected without sanitization. In MVC frameworks such as Yii (used by FeehiCMS), URL routing maps `log/view-layer` to `LogController::actionViewLayer()`. That function likely retrieves the `id` parameter and passes it to the view template without adequate output encoding. The PoC in the GitHub issue shows the payload reflected directly through this parameter, which indicates missing input sanitization or output encoding in the controller/view layer.
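An added example, not FeehiCMS code and not taken from the advisory: plain PHP that reproduces the reflection pattern the analysis infers for the `id` parameter, next to a hardened version that validates `id` as an integer and encodes it on output. The function names, the markup and the sample inputs are assumptions constructed for illustration; `encode()` uses the same `htmlspecialchars` flags that Yii2's `Html::encode()` applies.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a view that echoes the 'id' query parameter.
// It mirrors the behaviour the analysis infers; it is not FeehiCMS source.
function renderVulnerable(array $query): string
{
    $id = $query['id'] ?? '';
    return '<div class="log-detail" data-id="' . $id . '">Log #' . $id . '</div>';
}

// Output encoding with ENT_QUOTES | ENT_SUBSTITUTE: quotes and angle
// brackets become entities, so the value cannot leave its HTML context.
function encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: accept only a positive integer id, then still encode on output.
function renderHardened(array $query): ?string
{
    $id = filter_var(
        $query['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null; // caller should answer 400/404 instead of rendering
    }
    $safe = encode((string) $id);
    return '<div class="log-detail" data-id="' . $safe . '">Log #' . $safe . '</div>';
}

// Constructed inputs: a normal id and a harmless markup probe.
$samples = [
    ['id' => '42'],
    ['id' => '42"><b>probe</b>'],
];

foreach ($samples as $query) {
    echo 'input:      ', $query['id'], PHP_EOL;
    echo 'vulnerable: ', renderVulnerable($query), PHP_EOL;
    echo 'hardened:   ', renderHardened($query) ?? '(rejected)', PHP_EOL;
    echo 'encoded:    ', encode($query['id']), PHP_EOL, PHP_EOL;
}
```

In a Yii2 view the equivalent of `encode()` is `Html::encode($id)`; validation alone is not a substitute for it, because other values rendered by the same template still need encoding.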