Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.
The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Sep 2024, 23:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94 - Third Party Advisory | |
First Time |
Acquia mautic
Acquia |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-18 15:15
Updated : 2024-09-23 23:22
NVD link : CVE-2022-25775
Mitre link : CVE-2022-25775
CVE.ORG link : CVE-2022-25775
JSON object : View
Products Affected
acquia
- mautic
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')