-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p9 | 2.4.6-p9 |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p11 | 2.4.5-p11 |
| magento/community-edition | composer | < 2.4.4-p12 | 2.4.4-p12 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 | |
| magento/community-edition | composer | = 2.4.8-beta1 | |
| magento/project-community-edition | composer | <= 2.0.2 |
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability centers on Improper Access Control (CWE-284), which typically manifests in Magento via: (1) Admin controllers missing proper _isAllowed() overrides (defaulting to insecure permissions), and (2) Web API routes with insufficient resource restrictions. These patterns align with the described attack vector (low-privileged user bypass) and Magento's architecture. Confidence is medium due to lack of explicit patch details, but these components are historically prone to such vulnerabilities.
Ongoing coverage of React2Shell