| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | <= 19.0.0 | |
The vulnerability combines CWE-284 (improper access control) and CWE-352 (cross-site request forgery), indicating flaws in both access control and CSRF protection. The key attack vector is theft of session cookies and CSRF tokens through crafted pages. This suggests two underlying weaknesses: 1) the CSRF token handling does not properly validate the request context, allowing tokens to leak via cross-origin requests; 2) session management does not apply strict cookie security attributes, enabling theft by malicious scripts. Exact function names are not provided in the advisories, but Dolibarr's architecture patterns and the described attack mechanism strongly implicate the core security classes that handle authentication tokens and session management as the vulnerable components.