CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| froxlor/froxlor | composer | >= 2.0.0-beta0, < 2.0.0-beta1 | 2.0.0-beta1 |
The vulnerability stems from missing authorization checks in multiple administrative interfaces. The patch commits add 'change_serversettings' permission checks to the conditional statements that control access to the cronjobs, IP/port management, and MySQL server configuration pages. In IpsAndPorts.php, the update method's authorization logic was flawed: it used an OR condition that permitted unauthorized access. Together, these functions exposed server configuration interfaces to resellers/admins without the proper permission, allowing privilege escalation, which matches the CWE-285 description of improper authorization.