Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-p1, < 2.4.7-p2 | 2.4.7-p2 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p7 | 2.4.6-p7 |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p9 | 2.4.5-p9 |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | < 2.4.4-p10 | 2.4.4-p10 |
| magento/community-edition | composer | = 2.4.4 | |
CSRF vulnerabilities in Magento typically stem from state-changing controller actions that do not validate a CSRF token. The advisory describes unauthorized actions that require user interaction, which points to frontend or backend controllers handling sensitive operations. Common targets include store management (Adminhtml) and customer account actions (Customer). The exact patched functions are not visible without the commit diffs, but historical Magento CSRF fixes usually consist of adding FormKey validation or @Csrf annotations to such controllers. Confidence is medium, because this assessment is based on pattern-matching against Magento's architecture and the characteristics of CWE-352 rather than on the patch itself.