| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1, < 2.1.14 | 2.1.14 |
| magento/community-edition | composer | >= 2.2, < 2.2.5 | 2.2.5 |

The vulnerabilities described in the advisory explicitly reference specific modules (Swatches, ImportExport, TargetRule, Catalog) and attack vectors (RCE via admin actions, unsafe unserialize, directory traversal). These functions were identified based on:

1. Module-specific controller patterns for admin actions
2. Known dangerous patterns in Magento's import/export implementation
3. Historical vulnerabilities in target rule serialization
4. File handling patterns in product gallery management

While exact line numbers aren't available, the combination of module responsibility and vulnerability type provides high-confidence mapping.