CVE-2017-1000490
published 2018-01-03

Priority: P336 · medium · 6.5 · CVSS 3.0
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.40% (69.2th percentile)
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

Affected

47 ranges · showing 25
Vendor: acquia · Product: mautic

CVSS provenance

nvd · v3.0 · 6.5 · MEDIUM · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N