| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p3 | 2.4.5-p3 |
| magento/community-edition | composer | >= 2.4.4-p1, < 2.4.4-p4 | 2.4.4-p4 |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 | |
| magento/project-community-edition | composer | <= 2.0.2 | |

The vulnerability requires admin privileges and involves URL injection leading to server-side request forgery (SSRF). Magento's AdminAnalytics metadata collection and product image retrieval features are prime candidates because they fetch external URLs. The absence of patch details limits precision, but these components match the SSRF pattern described (admin-controlled URL input leading to arbitrary requests). Confidence is medium because the assessment relies on vulnerability patterns rather than explicit code references.