Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| sylius/sylius | composer | < 1.12.19 | 1.12.19 |
| sylius/sylius | composer | >= 1.13.0-alpha.1, < 1.13.4 | 1.13.4 |
The vulnerability stemmed from the unauthenticated /api/v2/shop/adjustments/{id} endpoint, which served adjustment records addressed by sequential IDs and so allowed them to be enumerated without credentials. The patch replaced the controller for this endpoint with NotFoundAction, confirming that the original handler (GetItemAction) was the vulnerable component. The endpoint's behavior was defined by the configuration in Adjustment.xml; because no controller was explicitly configured there before the patch, the endpoint fell back on API Platform's default data-exposure logic, which returned the item to any caller.