-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability manifests through the 'project' parameter manipulation leading to SQL errors. This indicates: 1) Direct interpolation of user input in SQL queries 2) Lack of prepared statements/parameterization 3) Error messages revealing database structure. The most logical location would be in project loading logic where the 'project' parameter is used to query project configurations from the database. The high confidence comes from the clear attack pattern (parameter tampering causing SQL errors) and the CWE-89 classification.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| reportico-web/reportico | composer | <= 8.1.0 |