| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| topthink/framework | composer | >= 6.1.3, <= 8.0.4 |

The vulnerability stems from unsafe deserialization at two key points: 1) The Model destructor handles properties of the unserialized object ($data/$withAttr) that can be manipulated to execute system commands through JSON processing. 2) The Memcached driver's constructor enables injection of Pivot objects that bridge to the Model class. The exploit chain shown in the PoC combines these components to achieve RCE: it constructs a malicious ResourceRegister->DbManager->Memcached->Pivot->Model chain that triggers the dangerous destructor behavior when deserialized.
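
A defensive check for the chain described above, as an added example (not code from the advisory or from ThinkPHP): it lists the classes a PHP-serialized blob declares and flags blobs that name two or more of the chain's classes. The fully qualified `think\...` names in the sample, the threshold of two and all function names are assumptions.

```python
import re

# Short class names of the chain, exactly as the advisory text lists them.
CHAIN = ("ResourceRegister", "DbManager", "Memcached", "Pivot", "Model")

# serialize() emits objects as O:<name length>:"<class>":<property count>:{
# (C: for Serializable classes). Class names never contain a double quote.
OBJ_RE = re.compile(rb'[OC]:(\d+):"([^"]+)":\d+:\{')

def classes_in(payload: bytes) -> list[str]:
    """Class names a PHP-serialized blob declares, in order of appearance."""
    names = []
    for m in OBJ_RE.finditer(payload):
        name = m.group(2)
        if int(m.group(1)) == len(name):  # skip tokens whose declared length is wrong
            names.append(name.decode("utf-8", "replace"))
    return names

def chain_hits(payload: bytes) -> list[str]:
    """Chain classes present in the blob, matched on the namespace-less name."""
    # PHP class names are case-insensitive, so compare in lower case.
    short = {n.rsplit("\\", 1)[-1].lower() for n in classes_in(payload)}
    return [c for c in CHAIN if c.lower() in short]

def is_suspicious(payload: bytes, threshold: int = 2) -> bool:
    """Flag blobs naming several chain classes; the threshold is an assumption."""
    return len(chain_hits(payload)) >= threshold

def _obj(cls: str, inner: bytes = b"N;") -> bytes:
    """Constructed, inert sample object with a single dummy property 'x'."""
    return b'O:%d:"%s":1:{s:1:"x";%s}' % (len(cls), cls.encode(), inner)

# Constructed samples: class names only, no properties the chain would need.
NESTED = _obj(r"think\route\ResourceRegister", _obj(r"think\DbManager",
         _obj(r"think\cache\driver\Memcached", _obj(r"think\model\Pivot"))))
BENIGN = b'a:2:{s:4:"name";s:3:"bob";s:2:"id";i:7;}'

if __name__ == "__main__":
    for label, blob in (("nested", NESTED), ("benign", BENIGN)):
        print(label, chain_hits(blob), is_suspicious(blob))
```

The scan is a pattern match rather than a full parser, so an `O:` token embedded in a string value is reported as well; treat hits as a triage signal for logs, cache entries or request bodies.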