| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| torrentpier/torrentpier | composer | <= 2.4.1 | |

The exploit demonstrates a crafted `bb_t` cookie containing a serialized `FileCookieJar` object. TorrentPier deserializes this untrusted input without validation, allowing attackers to leverage PHP's destructor behavior in `FileCookieJar` to write malicious PHP files. The vulnerability stems from insecure handling of serialized session/cookie data combined with Guzzle's file-writing functionality in the destructor. The explicit reference to `GuzzleHttp\Cookie\FileCookieJar` in the exploit payload and the CWE-502 classification confirm this vector.
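A detection-side sketch of the condition described above, added here as an example and not taken from TorrentPier or the advisory: it scans a `Cookie` request header for PHP serialized object tokens and reports the class names they carry. The function names and both sample headers are constructed, and it assumes the cookie value arrives URL-encoded.

```python
import re
from urllib.parse import quote, unquote

# PHP serialized object token: O:<len>:"<class>":<count>: (C: for Serializable).
# A signed length ("O:+31:") is tolerated so it cannot be used to dodge the match.
_OBJECT = re.compile(r'(?:^|[;{])[OC]:[+]?\d+:"([^"]+)":\d+:')

def parse_cookie_header(header):
    """Split a Cookie request header into {name: raw_value}."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def serialized_classes(value, max_decode=2):
    """Class names of PHP serialized objects found in a cookie value.

    The value is checked as received and after each of up to max_decode
    rounds of URL-decoding, so double-encoded input is still seen."""
    found, current = [], value
    for _ in range(max_decode + 1):
        for cls in _OBJECT.findall(current):
            if cls not in found:
                found.append(cls)
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return found

def flag_cookies(header):
    """Return {cookie_name: [class, ...]} for cookies carrying serialized objects."""
    hits = {}
    for name, value in parse_cookie_header(header).items():
        classes = serialized_classes(value)
        if classes:
            hits[name] = classes
    return hits

# Constructed samples (not captured traffic). The object is empty: no properties.
BENIGN = "bb_t=" + quote('a:2:{s:3:"uid";i:5;s:3:"sid";s:4:"abcd";}', safe="")
CRAFTED = "bb_t=" + quote(r'a:1:{s:1:"x";O:31:"GuzzleHttp\Cookie\FileCookieJar":0:{}}', safe="")

if __name__ == "__main__":
    for header in (BENIGN, CRAFTED):
        print(flag_cookies(header))
```

A cookie that should hold only scalars and arrays has no reason to name a class, so any hit is worth alerting on regardless of which class appears.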