The vulnerability stems from insufficient access control in the updateItem method of aimeos/ai-admin-graphql. In vulnerable versions the authorization checks in that method were absent or incomplete, so an editor (a non-admin user with access to the admin GraphQL API) could modify the groups, passwords, and codes of admin accounts. The patch adds authorization checks using $view->access(['super', 'admin']) before any of those fields is modified. The CWE-863 (Incorrect Authorization) and CWE-1220 (Insufficient Granularity of Access Control) mappings confirm this is an authorization granularity issue in the identified function: the caller is allowed to update items, but not every field of every item.
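The following PHP sketch is an added example and is not code from aimeos/ai-admin-graphql or the patch itself. It contrasts an updateItem-style function that applies every submitted field with one that gates the privileged fields behind a $view->access(['super', 'admin']) check, as the advisory describes. The View stand-in, the AccessDenied class, the field names (customer.code, customer.password, customer.groups) and the shape of $item and $entry are assumptions made for illustration.

```php
<?php
// Added example, not code from aimeos/ai-admin-graphql.
// Shows the granular authorization the advisory describes: anyone who may
// update a customer item can still not change its groups, password or code
// unless they are in the "super" or "admin" group.
// Field names, AccessDenied and the View stand-in are assumptions.

declare(strict_types=1);

final class AccessDenied extends \RuntimeException {}

/** Fields that must stay admin-only (assumed list, not the project's). */
const PRIVILEGED_FIELDS = ['customer.code', 'customer.password', 'customer.groups'];

/**
 * Minimal stand-in for the Aimeos view object: access($groups) returns true
 * when the current user belongs to at least one of the given groups.
 */
final class View
{
    /** @param string[] $userGroups groups of the logged-in user */
    public function __construct(private array $userGroups) {}

    public function access(array $groups): bool
    {
        return array_intersect($groups, $this->userGroups) !== [];
    }
}

/**
 * Vulnerable shape: every submitted field is merged into the item, so an
 * editor can push a new password or a new group list onto an admin account.
 */
function updateItemVulnerable(View $view, array $item, array $entry): array
{
    return array_merge($item, $entry);
}

/**
 * Hardened shape: if the request touches any privileged field, the caller
 * must pass the super/admin check. The request is rejected rather than
 * silently stripped so the client cannot mistake a partial write for success.
 */
function updateItemHardened(View $view, array $item, array $entry): array
{
    $privileged = array_intersect_key($entry, array_flip(PRIVILEGED_FIELDS));

    if ($privileged !== [] && !$view->access(['super', 'admin'])) {
        throw new AccessDenied(
            'Not allowed to change: ' . implode(', ', array_keys($privileged))
        );
    }

    return array_merge($item, $entry);
}

// Constructed sample data: an editor session tries to rewrite an admin account.
$adminAccount = [
    'customer.id'     => 7,
    'customer.code'   => 'admin@example.com',
    'customer.groups' => ['admin'],
];
$payload = [
    'customer.groups'   => ['super'],
    'customer.password' => 'new-secret',
];
$editorView = new View(['editor']);

// Vulnerable path: the editor's changes land on the admin account.
$result = updateItemVulnerable($editorView, $adminAccount, $payload);
echo 'vulnerable: groups are now ' . implode(',', $result['customer.groups']) . PHP_EOL;

// Hardened path: the same request from an editor is refused...
try {
    updateItemHardened($editorView, $adminAccount, $payload);
    echo 'hardened: unexpectedly accepted' . PHP_EOL;
} catch (AccessDenied $e) {
    echo 'hardened: ' . $e->getMessage() . PHP_EOL;
}

// ...while an admin session is still allowed to make it.
$adminView = new View(['admin']);
$result = updateItemHardened($adminView, $adminAccount, $payload);
echo 'hardened (admin): groups are now ' . implode(',', $result['customer.groups']) . PHP_EOL;
```

When auditing a real deployment, the check to look for is that the role test runs per sensitive field on the write path, not only on the mutation as a whole: a mutation that any editor may call is exactly where CWE-1220 bites if the group, password and code fields are treated like any other column.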
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| aimeos/ai-admin-graphql | composer | >= 2022.04.1, < 2022.10.10 | 2022.10.10 |
| aimeos/ai-admin-graphql | composer | >= 2023.04.1, < 2023.10.6 | 2023.10.6 |
| aimeos/ai-admin-graphql | composer | >= 2024.04.1, < 2024.04.6 | 2024.04.6 |