| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| AutoQueryable | nuget | <= 2.0.11-beta | |
The vulnerability stems from inadequate separation between selection restrictions (the SELECT clause) and filtering logic (the WHERE clause). `UnselectableProperties` prevents direct selection of a field, but the filter-handling components do not respect this configuration. The PoC demonstrates that attackers can reference unselectable fields in filters and infer their values from differences in the responses. The core issue resides in the filter application logic (`FilterHandler`) and in how the attribute configuration is propagated. Confidence is high for `FilterHandler`, as it directly processes query parameters, and medium for the attribute class, due to potential configuration handling gaps.
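
The gap described above, shown as an added example in a simplified model. This is not AutoQueryable's code: `User`, `Query`, `QueryHardened` and the sample records are hypothetical and constructed for illustration. The projection honours the deny-list while the filter does not, and the hardened variant applies the same deny-list to filter properties.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public record User(string Name, string PasswordHash);

public static class Demo
{
    // Constructed sample data.
    static readonly List<User> Users = new()
    {
        new User("alice", "5f4dcc"),
        new User("bob", "a1b2c3"),
    };

    // Properties the API owner marked as never to be exposed.
    static readonly HashSet<string> Unselectable =
        new(StringComparer.OrdinalIgnoreCase) { nameof(User.PasswordHash) };

    // Property accessors a query string may name.
    static readonly Dictionary<string, Func<User, string>> Props =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["Name"] = u => u.Name,
            ["PasswordHash"] = u => u.PasswordHash,
        };

    // Vulnerable shape: only the projection is restricted, the filter is not.
    static List<string> Query(string filterProp, string value) =>
        Users.Where(u => Props[filterProp](u) == value)
             .Select(u => u.Name) // PasswordHash is never returned
             .ToList();

    // Hardened: the deny-list is checked before any filter is built.
    static List<string> QueryHardened(string filterProp, string value)
    {
        if (!Props.ContainsKey(filterProp) || Unselectable.Contains(filterProp))
            throw new ArgumentException($"Filtering on '{filterProp}' is not allowed.");
        return Query(filterProp, value);
    }

    public static void Main()
    {
        // The hidden field is absent from both responses, yet their sizes differ.
        Console.WriteLine(Query("PasswordHash", "5f4dcc").Count);
        Console.WriteLine(Query("PasswordHash", "000000").Count);
        try { QueryHardened("PasswordHash", "5f4dcc"); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
        Console.WriteLine(string.Join(",", QueryHardened("Name", "alice")));
    }
}
```

The same allow/deny decision should cover every clause that can reference a property name, so that hidden fields cannot influence the result set through any of them.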