| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| admidio/admidio | composer | < 4.2.9 | 4.2.9 |
The vulnerability stems from missing sanitization in the CSV export function. In vulnerable versions the function writes user-controlled field values into the CSV verbatim, so a value that begins with a formula-starting character (such as `=`, `+`, `-` or `@`) is evaluated as a formula when the exported file is opened in a spreadsheet application; this matches CWE-1236, improper neutralization of formula elements in a CSV file. The patch adds three sanitization steps to that function: 1) escaping tabs, 2) escaping newlines, and 3) prefixing values that start with a formula character with `#`. The commit diff shows these security-relevant changes confined to this function.
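The following is an added illustration of the three sanitization steps in Python, not Admidio's own (PHP) code. It assumes that "escaping" tabs and newlines means replacing them with the literal sequences `\t` and `\n`, and that the formula-starting characters are `=`, `+`, `-` and `@`; the exact character set and escape form Admidio uses are not stated on this page. The sample rows are constructed.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula.
# Assumed set for this illustration; the page does not list the exact set
# the Admidio patch checks.
FORMULA_START_CHARS = ("=", "+", "-", "@")


def export_cell_vulnerable(value: str) -> str:
    """'Before' behaviour: the user-controlled value reaches the CSV untouched."""
    return value


def sanitize_csv_cell(value: str) -> str:
    """Apply the three sanitization steps the advisory describes."""
    # 1) Escape tabs so a value cannot spill into the next cell when the
    #    file is pasted or imported as tab-separated text.
    value = value.replace("\t", "\\t")
    # 2) Escape newlines (CRLF, CR and LF) so a value cannot start a new row.
    value = value.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")
    # 3) Neutralise formulas: a leading =, +, - or @ gets a '#' in front, so the
    #    spreadsheet reads the cell as text instead of evaluating it.
    if value.startswith(FORMULA_START_CHARS):
        value = "#" + value
    return value


def export_rows(rows, cell_fn=sanitize_csv_cell) -> str:
    """Render rows as CSV, passing every cell through cell_fn first."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for row in rows:
        writer.writerow([cell_fn(str(cell)) for cell in row])
    return buf.getvalue()


# Constructed sample: member records whose fields a user can control.
SAMPLE_ROWS = [
    ["Name", "Email", "Note"],
    ["Alice Example", "alice@example.invalid", "regular member"],
    ['=HYPERLINK("http://example.invalid/x","click")', "bob@example.invalid",
     "line1\nline2\tcol"],
    ["-5 years", "@handle", "+49 123"],
]


if __name__ == "__main__":
    print("--- vulnerable export ---")
    print(export_rows(SAMPLE_ROWS, export_cell_vulnerable))
    print("--- sanitized export ---")
    print(export_rows(SAMPLE_ROWS))
```

Two caveats a practitioner should keep in mind. First, the `#` prefix alters legitimate data as well: a negative number such as `-5` or a phone number written `+49 123` is exported as `#-5` and `#+49 123`, so anyone re-importing the file must strip the prefix. Second, sanitization has to be applied to every exported field, not only to the ones that look like free text, because any field a user can influence is a potential formula carrier.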