| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| solspace/craft-freeform | composer | >= 5.0.0, < 5.10.16 | 5.10.16 |
The analysis started from the advisory, which described a server-side template injection (SSTI) in the Freeform plugin for Craft CMS: attacker-controlled input in the submission title field was rendered through Twig, and a public proof of concept used a `call` Twig filter to execute arbitrary commands. The advisory states that the issue was fixed in version 5.10.16.

Comparing the last vulnerable release, 5.10.15, with 5.10.16 surfaced one security-relevant commit, 06d7f1ae621f7362f39a989efc9c0c187098cf9a. It removes the `callUserFunction` method and the `call` Twig filter it backed from `FreeformTwigFilters.php`. That method forwarded a callable name and arguments supplied by the template directly to `call_user_func`, so any template that reached the filter could invoke an arbitrary PHP function, including ones that run operating-system commands. Together with the submission title being evaluated as a Twig template, this is the root cause. The patch replaces the filter's use with a narrower, purpose-specific method for rendering submission fields that does not expose a generic callable. `callUserFunction` is therefore the vulnerable function.
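To make the root cause concrete, the following PHP snippet is an added illustration written for this write-up, not Freeform's code: a Twig filter in the same shape as the removed `call` filter (a template-supplied callable name handed to `call_user_func`), beside a hardened filter that only dispatches to a fixed allow-list. The function names `unsafeCall` and `safeCall`, the `ALLOWED_HELPERS` list, and the templates are assumptions for the example; it requires the `twig/twig` Composer package and mirrors the advisory's scenario by rendering a string that stands in for a stored submission title.

```php
<?php
// Added example, not Freeform's source. Requires: composer require twig/twig
// Names (unsafeCall, safeCall, ALLOWED_HELPERS) are assumed for illustration.

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

// Vulnerable pattern: the filtered value is used as the callable name and the
// filter arguments as its parameters, so the template picks any PHP function.
function unsafeCall(string $function, ...$args)
{
    return call_user_func($function, ...$args);
}

// Hardened pattern: the template may only name a key from a fixed allow-list of
// pure formatting helpers; the real callable is never taken from the template.
const ALLOWED_HELPERS = [
    'upper' => 'strtoupper',
    'trim'  => 'trim',
];

function safeCall($value, string $helper)
{
    if (!array_key_exists($helper, ALLOWED_HELPERS)) {
        throw new \InvalidArgumentException("helper '$helper' is not allowed");
    }
    return call_user_func(ALLOWED_HELPERS[$helper], $value);
}

// Constructed templates standing in for attacker-controlled submission titles
// that the application later renders through Twig.
$twig = new Environment(new ArrayLoader([
    'unsafe_title' => "{{ 'system'|call('id') }}",   // -> system('id')
    'safe_title'   => "{{ ' hello '|helper('upper') }}",
    'blocked'      => "{{ 'id'|helper('system') }}", // rejected by allow-list
]));
$twig->addFilter(new TwigFilter('call', 'unsafeCall'));
$twig->addFilter(new TwigFilter('helper', 'safeCall'));

// Prints the output of the OS command `id`: SSTI reaching code execution.
echo $twig->render('unsafe_title'), PHP_EOL;

// Prints " HELLO " (only strtoupper was reachable).
echo $twig->render('safe_title'), PHP_EOL;

// The allow-list refuses the callable name; Twig wraps the exception.
try {
    echo $twig->render('blocked'), PHP_EOL;
} catch (\Twig\Error\RuntimeError $e) {
    echo 'blocked: ', $e->getPrevious()->getMessage(), PHP_EOL;
}
```

The allow-list removes the generic callable, which is the defect the patch addresses, but it does not make it safe to compile user-supplied strings as Twig templates in general; anything rendered from submission data should go through Twig's sandbox extension or, better, be rendered as a plain variable inside a developer-authored template rather than as template source.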