| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| hhxsv5/laravel-s | composer | < 3.7.36 | 3.7.36 |

The vulnerability stems from the URI validation logic in the `handleStatic` function, which handles static file serving. The original code checked the URI path for `/../` but not for `/..`. The patch changed `strpos($uri, '/../')` to `strpos($uri, '/..')`, indicating that the original check was insufficient to block all path traversal attempts. Because of this improper sanitization, specially crafted URIs allow local file inclusion (LFI). The direct correlation between the security patch and this function's logic confirms its role in the vulnerability.
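The following added example is not LaravelS code. It models the two `strpos` checks quoted above as hypothetical helper functions and shows which constructed sample URIs each one flags. The `resolvesInsideRoot` check is an assumption that goes beyond the patch: it canonicalises the path with `realpath` and requires the result to stay under the document root.

```php
<?php
// Added example: helper names and sample URIs are constructed, not LaravelS code.

// Substring check as the page describes it before 3.7.36.
function blockedByOldCheck(string $uri): bool
{
    return strpos($uri, '/../') !== false;
}

// Substring check as the page describes it after the patch.
function blockedByPatchedCheck(string $uri): bool
{
    return strpos($uri, '/..') !== false;
}

// Assumption (not part of the patch): canonicalise the path, then require
// the resolved target to stay strictly under the document root.
function resolvesInsideRoot(string $root, string $uri): bool
{
    $rootReal = realpath($root);
    $target   = realpath($root . $uri);
    if ($rootReal === false || $target === false) {
        return false; // missing root or file: refuse to serve
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0;
}

// Constructed fixture: <tmp>/lfi-demo-XXXXXXXX/public/css/app.css
$base = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
mkdir($base . '/public/css', 0700, true);
file_put_contents($base . '/public/css/app.css', 'body{}');
$root = $base . '/public';

$uris = ['/css/app.css', '/css/../css/app.css', '/css/..', '/..'];
foreach ($uris as $uri) {
    printf(
        "%-22s old=%-5s patched=%-5s insideRoot=%s\n",
        $uri,
        var_export(blockedByOldCheck($uri), true),
        var_export(blockedByPatchedCheck($uri), true),
        var_export(resolvesInsideRoot($root, $uri), true)
    );
}
```

A URI that ends in `/..` has no trailing slash after the dots, so only the patched substring check flags it. The containment check rejects it independently of how the dots are spelled.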