| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| yiisoft/yii2 | composer | < 2.0.47 | 2.0.47 |

The analysis focuses on runAction, the function explicitly called out in all vulnerability descriptions, despite the framework maintainers' dispute. Runtime detection would see this controller method in the call stack when it processes attacker-controlled parameters that flow into SQL queries. Its role as a parameter receiver makes it a key indicator even if the actual injection occurs deeper, in application-specific code that uses these parameters.