CVSS Score: -

Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| grumpydictator/firefly-iii | composer | < 6.0.0 | 6.0.0 |
The vulnerability stems from missing input sanitization in the currency-handling code: the affected functions take user-controlled currency properties and store them without escaping or type enforcement. The fix in 6.0.0 adds two measures to those functions: 1) Laravel's e() helper (HTML escaping) on text fields, so attacker-supplied markup in a currency property cannot reach the rendered page unescaped, and 2) strict type casts on numeric and boolean fields, so a value that arrives as a string or array is not stored as-is. The commit's explicit addition of these steps to these specific functions is what confirms they were vulnerable before 6.0.0. Deployments should verify that the installed grumpydictator/firefly-iii package is 6.0.0 or later.
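The following is an added illustration of the two hardening measures described above, not code from Firefly III or its patch. It assumes a currency record with the fields name, code, symbol, decimal_places and enabled (hypothetical names chosen for the example) and uses a stand-in for Laravel's e() helper so that it runs without the framework; the request payload is constructed.

```php
<?php
// Added example, not Firefly III code: the hardening pattern the advisory
// describes, applied to a user-supplied currency record.

// Stand-in for Laravel's e() helper so this file runs outside the framework.
// Laravel's e() performs this same htmlspecialchars() call.
if (!function_exists('e')) {
    function e(?string $value): string
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
    }
}

// Vulnerable shape: every field is copied through untouched, so text reaches
// the HTML layer unescaped and decimal_places/enabled keep whatever type the
// request delivered (string, array, ...).
function currencyFromRequestUnsafe(array $data): array
{
    return [
        'name'           => $data['name'],
        'code'           => $data['code'],
        'symbol'         => $data['symbol'],
        'decimal_places' => $data['decimal_places'],
        'enabled'        => $data['enabled'],
    ];
}

// Hardened shape: e() on each text field, explicit casts on the numeric and
// boolean fields; these are the two measures the patch adds.
function currencyFromRequestSafe(array $data): array
{
    return [
        'name'           => e($data['name'] ?? ''),
        'code'           => e($data['code'] ?? ''),
        'symbol'         => e($data['symbol'] ?? ''),
        'decimal_places' => (int) ($data['decimal_places'] ?? 2),
        'enabled'        => (bool) ($data['enabled'] ?? false),
    ];
}

// Constructed request payload: markup injected into the symbol, and
// non-numeric / non-boolean values in the typed fields.
$request = [
    'name'           => 'Euro',
    'code'           => 'EUR',
    'symbol'         => '<script>alert(1)</script>',
    'decimal_places' => '2; anything',
    'enabled'        => 'yes',
];

// The unsafe version stores the <script> tag verbatim and the raw strings;
// the safe version stores '&lt;script&gt;...', int(2) and bool(true).
var_export(currencyFromRequestUnsafe($request));
echo PHP_EOL;
var_export(currencyFromRequestSafe($request));
echo PHP_EOL;
```

Run with `php example.php`. Note that escaping at input time is what the advisory attributes to the patch; the usual Laravel convention is to escape at output through Blade's `{{ }}` syntax, so an application that does both must make sure the stored value is not encoded a second time when rendered.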