| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| thorsten/phpmyfaq | composer | < 3.1.18 | 3.1.18 |
The vulnerability stems from insufficient validation of the 'main.referenceURL' configuration parameter. The patch adds a check using FILTER_VALIDATE_URL so that only syntactically valid URLs are accepted. Before the fix, an attacker could inject script content into this field; the value was stored and later rendered into the DOM without escaping. The critical change is in configuration.php, where the unvalidated input was previously processed. The renderInputForm function in ajax.config_list.php was also modified, but its role is less clear without additional context; the primary weakness is the server-side validation gap addressed in configuration.php.
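The following is an added example, not phpMyFAQ's own code, showing the kind of server-side check the description above attributes to the fix (filter_var with FILTER_VALIDATE_URL) together with two extra hardening steps a practitioner would want for a URL-typed setting: an http/https scheme allowlist, because FILTER_VALIDATE_URL accepts any scheme as long as a host is present, and escaping at render time, because input validation does not replace output encoding. The function names (validateReferenceUrl, renderReferenceLink) and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added example (hypothetical names, not phpMyFAQ code): validate a URL-typed
// configuration value on input and escape it on output.
declare(strict_types=1);

/**
 * Returns the trimmed URL if it is acceptable, or null if it must be rejected.
 * FILTER_VALIDATE_URL only checks syntax (a scheme and, for most schemes, a host),
 * so the scheme is additionally restricted to http/https.
 */
function validateReferenceUrl(string $value, int $maxLength = 2048): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLength) {
        return null;
    }
    // Syntactic check, as described for the patch.
    if (filter_var($value, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Scheme allowlist: FILTER_VALIDATE_URL would also accept e.g. ftp://host/.
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return $value;
}

/**
 * Renders a stored value into an HTML attribute and text node with escaping.
 * Even a validated URL may contain quotes or ampersands in its query string.
 */
function renderReferenceLink(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $safe . '">' . $safe . '</a>';
}

// Constructed sample inputs with the expected outcome of validateReferenceUrl().
$samples = [
    'https://example.com/faq' => true,   // accepted
    'not a url <script>'      => false,  // no scheme: rejected by FILTER_VALIDATE_URL
    'javascript:alert(1)'     => false,  // no host: rejected by FILTER_VALIDATE_URL
    'ftp://example.com/'      => false,  // syntactically valid, rejected by the scheme allowlist
];

foreach ($samples as $input => $expected) {
    $result = validateReferenceUrl($input);
    if (($result !== null) !== $expected) {
        throw new RuntimeException("Unexpected result for: $input");
    }
    printf("%-28s => %s\n", $input, $result === null ? 'rejected' : 'accepted');
}

// Output escaping turns the quotes and ampersand into entities.
echo renderReferenceLink('https://example.com/?a=1&b="x"'), "\n";
```

Run it with `php example.php`; each sample prints whether it was accepted, and the final line shows the escaped link. The two layers are independent: the allowlist limits what can be stored, and htmlspecialchars() ensures that whatever is stored cannot break out of the attribute or text context when rendered.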