The vulnerability stems from missing authorization checks in the tag manipulation endpoints. The GitHub commit diff explicitly shows the addition of `$this->checkPermission('tags_configuration')` calls in the `addAction`, `deleteAction` and `updateAction` methods, indicating these were the vulnerable points. Before the patch, these controller actions handled tag operations without verifying user permissions, enabling unauthorized modifications through direct API access.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/admin-ui-classic-bundle | composer | < 1.3.3 | 1.3.3 |
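
The missing check described above, modelled as an added example with a small regression check for it. This is not Pimcore's code: only the three action names and the `checkPermission('tags_configuration')` call come from the advisory, and the classes, in-memory tag storage and user permission list are hypothetical.

```php
<?php
declare(strict_types=1);
// Simplified model of the pattern, NOT Pimcore source. Only addAction/deleteAction/
// updateAction and checkPermission('tags_configuration') come from the advisory.
final class AccessDenied extends RuntimeException {}

abstract class TagControllerBase
{
    /** @var array<int,string> in-memory stand-in for tag storage (constructed) */
    public array $tags = [1 => 'press'];
    /** @param string[] $permissions permissions held by the current user */
    public function __construct(private array $permissions) {}
    protected function checkPermission(string $permission): void
    {
        if (!in_array($permission, $this->permissions, true)) {
            throw new AccessDenied("missing permission: $permission");
        }
    }
}

// Pre-patch shape: any logged-in user who reaches the route can change tags.
final class UnpatchedTagController extends TagControllerBase
{
    public function addAction(string $name): void { $this->tags[] = $name; }
    public function updateAction(int $id, string $name): void { $this->tags[$id] = $name; }
    public function deleteAction(int $id): void { unset($this->tags[$id]); }
}

// Post-patch shape: every state-changing action checks the permission first.
final class PatchedTagController extends TagControllerBase
{
    private const PERM = 'tags_configuration';
    public function addAction(string $name): void { $this->checkPermission(self::PERM); $this->tags[] = $name; }
    public function updateAction(int $id, string $name): void { $this->checkPermission(self::PERM); $this->tags[$id] = $name; }
    public function deleteAction(int $id): void { $this->checkPermission(self::PERM); unset($this->tags[$id]); }
}

// Regression check: returns the actions that refused the current user.
function deniedActions(object $controller): array
{
    $calls = ['addAction' => ['x'], 'updateAction' => [1, 'y'], 'deleteAction' => [1]];
    $denied = [];
    foreach ($calls as $method => $args) {
        try { $controller->$method(...$args); } catch (AccessDenied) { $denied[] = $method; }
    }
    return $denied;
}
// Constructed user: holds 'documents' but not 'tags_configuration'.
foreach ([new UnpatchedTagController(['documents']), new PatchedTagController(['documents'])] as $c) {
    printf("%s denied: [%s]\n", $c::class, implode(', ', deniedActions($c)));
}
```

Requires PHP 8.0 or later. In a real test suite the same loop would run against the application's routes with a low-privilege session, and any action missing from the denied list is a gap.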