-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| froxlor/froxlor | composer | < 2.0.10 | 2.0.10 |
PHPPHPMiggo AIRoot Cause AnalysisThe patch introduced validation for 'interval_interval' by checking against a fixed list of allowed values ($allowed_intervals). Prior to this fix, the code directly used user-supplied input to construct cronjob intervals via string concatenation ($interval = $interval_value . ' ' . strtoupper($interval_interval)). Without validation, attackers could provide values like '*/5 * * * * ; malicious-command' to inject arbitrary cron syntax. The CWE-96 (Static Code Injection) mapping confirms this pattern matches improper neutralization of directives in statically saved code.
Ongoing coverage of React2Shell