Basic Information
- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| yiisoft/yii | composer | < 1.1.29 | 1.1.29 |
The vulnerability stems from unsafe use of unserialize() combined with a vulnerable __wakeup() method. The commit diff shows the key change in CDbCriteria's __wakeup() method: scalar checks were added to prevent object injection. The original code processed array elements without validating that they were scalar values, allowing an attacker to inject objects that could trigger RCE through PHP's deserialization magic methods. This matches the CWE-502 pattern and the PHP Object Injection vulnerability described in the advisory.
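The pattern described above, as an added PHP illustration that is not Yii's code or the advisory's commit: a simplified criteria-like class with an unchecked __wakeup() beside a hardened one that drops non-scalar parameter values, plus an allowed_classes restriction on unserialize() as defense in depth. The class and function names are hypothetical.

```php
<?php
// Added illustration, not code from Yii or the advisory's commit: a simplified
// criteria-like class with an unchecked and a hardened __wakeup().
// Unchecked form: every element of $params is kept as-is, so an object that an
// attacker embedded in the serialized data survives into later processing.
class UncheckedCriteria
{
    public array $params = [];
    public function __wakeup(): void
    {
        foreach ($this->params as $name => $value) {
            $this->params[$name] = $value; // no type check at all
        }
    }
}

// Hardened form: only scalar (or null) parameter values are accepted; anything
// else is dropped and its key recorded so the caller can reject the input.
class HardenedCriteria
{
    public array $params = [];
    public array $rejected = [];
    public function __wakeup(): void
    {
        foreach ($this->params as $name => $value) {
            if ($value !== null && !is_scalar($value)) {
                $this->rejected[] = $name;
                unset($this->params[$name]);
            }
        }
    }
}

// Defense in depth: restrict which classes unserialize() may instantiate.
function restoreCriteria(string $blob): HardenedCriteria
{
    $obj = unserialize($blob, ['allowed_classes' => [HardenedCriteria::class]]);
    if (!$obj instanceof HardenedCriteria) {
        throw new RuntimeException('unexpected payload type');
    }
    return $obj;
}

// Constructed sample: a criteria whose params carry a nested object.
$sample = new HardenedCriteria();
$sample->params = ['id' => 7, 'filter' => (object) ['nested' => true]];
$restored = restoreCriteria(serialize($sample));
// The nested object (or whatever allowed_classes turned it into) is not scalar,
// so __wakeup() drops it from params and records its key in rejected.
var_dump($restored->params, $restored->rejected);
```

The same serialized blob fed to UncheckedCriteria would keep the nested object in params, which is the state the advisory's scalar checks were added to prevent.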