
GHSA-qxh3-jgvh-x55j: Connect-CMS Privilege Escalation Vulnerability

CVSS Score: 4.3 (CVSS 3.1)

Basic Information

CVE ID: -
EPSS Score: -
CWE: -
Published: 7/5/2023
Updated: 2/7/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| opensource-workshop/connect-cms | composer | < 1.7.2 | 1.7.2 |
| opensource-workshop/connect-cms | composer | >= 2.0.0, < 2.3.2 | 2.3.2 |

Vulnerability Intelligence
Root Cause Analysis

The provided vulnerability information lacks technical details about code implementation, commit diffs, or patch specifics. While the advisory describes a privilege escalation vulnerability, there are no explicit references to vulnerable functions, file paths, or code patterns in the management system. Privilege escalation typically involves authorization flaws, but without access to the actual code changes between vulnerable and patched versions (e.g., user role validation functions, permission checks), specific vulnerable functions cannot be identified with high confidence. The absence of CWE mappings, GitHub patch details, or commit comparisons further limits the ability to pinpoint exact functions.

WAF Protection Rules

WAF Rule

### Impact(影響)

There is a Privilege Escalation Vulnerability on the management system of Connect-CMS.

****r*t** Version : Connect-CMS *.*.*, *.*.* and earlier

### Patches(修正バージョン)

version *.*.*, *.*.*

### Workarounds(運用回避手段)

Upgrade Connect-CMS
