-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| wallabag/wallabag | composer | >= 2.0.0-alpha.1, < 2.5.3 | 2.5.3 |
Miggo AIRoot Cause AnalysisThe commit diff shows the downloadEntryAction method was modified to add user authorization checks (comparing current user ID with entry owner ID). The original method signature accepted an Entry parameter without ownership validation, making it vulnerable to IDOR attacks. The added tests (testForbiddenEntryId) confirm the authorization check was missing in previous versions.
Ongoing coverage of React2Shell