| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| funadmin/funadmin | composer | <= 5.0.2 | |
The vulnerability description and GitHub issue #24 explicitly reference the `editfile` method in `Index.php` as the source of the flaw. The method concatenates the user-supplied `id` parameter into a file path without proper validation or sanitization, allowing attackers to read arbitrary files via path traversal (CWE-22). While the CVE title mentions SQL injection (CWE-89), the provided exploit examples and technical details focus on file read operations, suggesting the primary vulnerability stems from the `editfile` function's insecure file handling.
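
The PHP example below is an added illustration, not funadmin's code and not taken from issue #24. It puts the pattern described above (a request `id` concatenated into a file path) beside a hardened resolver that canonicalises the path and requires it to stay inside the intended directory. The function names, directory layout and sample `id` values are all constructed for the demonstration.

```php
<?php
// Added illustration; not funadmin's code. Names, paths and sample ids are constructed.

// Pattern the advisory describes: the request 'id' is concatenated
// into a file path with no validation.
function resolve_unsafe(string $baseDir, string $id): string
{
    return $baseDir . DIRECTORY_SEPARATOR . $id;
}

// Hardened form: canonicalise first, then require the result to be a
// regular file located under the base directory.
function resolve_safe(string $baseDir, string $id): ?string
{
    // Reject empty ids and NUL bytes before touching the filesystem.
    if ($id === '' || strpos($id, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $id); // resolves ".." and symlinks
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The trailing separator stops a sibling such as "templates-old"
    // from matching the prefix "templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree: an editable template directory and a sibling secret file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/templates/theme', 0700, true);
file_put_contents($root . '/templates/theme/index.html', '<h1>ok</h1>');
file_put_contents($root . '/secret.env', 'DB_PASSWORD=constructed');

$ids = ['theme/index.html', '../secret.env', 'theme/../../secret.env', 'missing.html'];
foreach ($ids as $id) {
    $unsafe = resolve_unsafe($root . '/templates', $id);
    $safe = resolve_safe($root . '/templates', $id);
    printf("%-24s unsafe_readable=%s safe=%s\n", $id,
        is_readable($unsafe) ? 'yes' : 'no', $safe === null ? 'rejected' : 'allowed');
}

// Remove the constructed demo tree.
array_map('unlink', [$root . '/templates/theme/index.html', $root . '/secret.env']);
array_map('rmdir', [$root . '/templates/theme', $root . '/templates', $root]);
```

Because `realpath()` follows symlinks, the containment check is applied to the resolved target rather than to the string the client sent.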