-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p9 | 2.4.6-p9 |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p11 | 2.4.5-p11 |
| magento/community-edition | composer | < 2.4.4-p12 | 2.4.4-p12 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 | |
| magento/community-edition | composer | = 2.4.8-beta1 | |
| magento/project-community-edition | composer | <= 2.0.2 |
Ongoing coverage of React2Shell
Miggo AIRoot Cause AnalysisThe vulnerability centers on improper access control (CWE-284) leading to privilege escalation. Magento's admin authentication and user permission systems are common targets for such issues. The Post controller in the admin login flow and core user identity verification are critical points where missing or flawed authorization checks could allow unauthorized access. While no patch details are available, historical Magento CVEs (e.g., CVE-2022-24086) and the described attack vector suggest these components are likely candidates. Confidence is medium due to the absence of explicit patch/diff data, but the reasoning aligns with Magento's architecture and the vulnerability type.