| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| francoisjacquet/rosariosis | composer | < 10.8.2 | 10.8.2 |

The vulnerability stems from predictable upload filenames: two functions that handle file uploads derived the stored filename from a DateTime-based timestamp, which lacks microsecond precision and therefore carries too little entropy. The commit diff shows that both functions were changed to replace the DateTime-based timestamp with a microtime()-derived value, explicitly to address this predictability. Because the filenames were predictable, an unauthorized actor could guess the file URLs and retrieve sensitive files (CWE-200 / CWE-284). Since these two functions directly control how filenames are generated, they are the root cause.
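To make the root cause concrete, the following PHP snippet contrasts a timestamp-derived upload name with one drawn from a cryptographic random source. This is an added illustration written for this advisory; it is not RosarioSIS code, and the function names, the `Y-m-d_H-i-s` format and the 16-byte token length are assumptions chosen for the example, not values taken from the project.

```php
<?php
// Illustrative upload-name helpers (hypothetical; not RosarioSIS code).

// Weak: the name is a second-resolution clock reading. Two uploads in the
// same second collide, and anyone who knows roughly when a file was stored
// only has to consider a handful of candidate names per second of that window.
function weak_upload_name(DateTimeInterface $when, string $ext): string
{
    return $when->format('Y-m-d_H-i-s') . '.' . $ext;
}

// Finer-grained: microtime() adds sub-second digits, so collisions become
// rare, but the value is still a clock reading rather than a secret; the
// candidate space per second grows to about a million, not to 2^128.
function microtime_upload_name(string $ext): string
{
    // microtime() returns "0.uuuuuu00 ssssssssss"; keep the six microsecond digits.
    [$usec, $sec] = explode(' ', microtime());
    return $sec . '_' . substr($usec, 2, 6) . '.' . $ext;
}

// Hardened: the name comes from the OS CSPRNG and is independent of the clock,
// so it cannot be derived from knowledge of the upload time at all.
function random_upload_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;   // 128 bits of entropy
}

// Restrict the extension to an allowlist so the random name cannot be combined
// with an executable or otherwise unexpected suffix.
function safe_extension(string $original, array $allowed = ['pdf', 'png', 'jpg']): string
{
    $ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true) ? $ext : 'bin';
}

// Usage with a constructed upload time and original filename.
$when = new DateTimeImmutable('2024-01-15 10:30:00', new DateTimeZone('UTC'));
$ext  = safe_extension('report.PDF');
echo weak_upload_name($when, $ext), PHP_EOL;   // 2024-01-15_10-30-00.pdf
echo microtime_upload_name($ext), PHP_EOL;     // e.g. 1705314600_123456.pdf
echo random_upload_name($ext), PHP_EOL;        // 32 hex characters + .pdf
```

When storing uploads under random names, keep the user-supplied original name in the database record rather than on disk, and serve the file through a handler that checks the requesting user's authorization against that record; an unguessable name limits exposure to URL guessing, but it is not a substitute for the access check itself (CWE-284).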