CVE-2017-1000490
Published 2018-01-03
Priority P3 · 36 · CVSS 3.0: 6.5 (medium)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.40% (69.2th percentile)
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
Affected
47 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
| acquia | mautic | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
GHSA · 2021-01-19 · CVE-2017-1000490 [MEDIUM] CWE-22
Mautic users able to download any files from server using filemanager
### Impact
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
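The weakness class here is CWE-22 (path traversal): a file-manager download endpoint takes a client-supplied name, joins it to the upload directory and serves whatever that path points to, so any logged-in user can read files outside the intended folder. The following Python is an added example, not Mautic's code and not the GHSA advisory's; it contrasts the unsafe join with a containment check that resolves the final path (following `..` segments and symlinks) and then verifies it is still inside the permitted base directory. The sandbox layout, file names and request strings are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class DownloadDenied(Exception):
    """Raised when a requested name does not resolve to a servable file."""


def build_sandbox() -> Path:
    """Constructed fixture: a web root with an 'uploads' folder the file
    manager may serve, and a config file outside it that must never be served."""
    root = Path(tempfile.mkdtemp(prefix="fm_example_"))
    uploads = root / "uploads"
    (uploads / "nested").mkdir(parents=True)
    (uploads / "report.csv").write_text("id,email\n1,a@example.invalid\n")
    (uploads / "nested" / "banner.png").write_bytes(b"\x89PNG-constructed")
    (root / "config.php").write_text("<?php // constructed secret config\n")
    # A symlink inside uploads that points outside it. A check that only
    # normalises the string (strips '..') is fooled by this; resolve() is not.
    try:
        os.symlink(root / "config.php", uploads / "escape.lnk")
    except OSError:
        pass  # platform without symlink support; the other cases still run
    return root


def unchecked_download_path(base_dir: Path, requested: str) -> Path:
    """The vulnerable pattern: trust the client-supplied name and join it."""
    return base_dir / requested


def safe_download_path(base_dir: Path, requested: str) -> Path:
    """Hardened pattern: resolve, then prove containment in base_dir."""
    base = base_dir.resolve(strict=True)
    if "\x00" in requested or Path(requested).is_absolute():
        raise DownloadDenied("absolute path or NUL byte in request")
    # resolve() follows '..' and symlinks, so the comparison below is made
    # on the real filesystem location, not on the user's spelling of it.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)          # ValueError if outside base
    except ValueError:
        raise DownloadDenied(f"{requested!r} resolves outside {base}") from None
    if not candidate.is_file():
        raise DownloadDenied(f"{requested!r} is not a regular file")
    return candidate


def audit(base_dir: Path, requests: list) -> dict:
    """Run each constructed request through the hardened check and record
    'allowed:<relative path>' or 'denied' for it."""
    base = base_dir.resolve(strict=True)
    results = {}
    for req in requests:
        try:
            path = safe_download_path(base_dir, req)
            results[req] = "allowed:" + path.relative_to(base).as_posix()
        except DownloadDenied:
            results[req] = "denied"
    return results


def escapes_base(base_dir: Path, requested: str) -> bool:
    """Show what the unchecked join would have served: True if the resolved
    target lies outside base_dir."""
    base = base_dir.resolve(strict=True)
    target = unchecked_download_path(base_dir, requested).resolve()
    try:
        target.relative_to(base)
        return False
    except ValueError:
        return True


# Constructed requests: two legitimate, the rest variations a defender
# should expect the check to reject.
SAMPLE_REQUESTS = [
    "report.csv",
    "nested/banner.png",
    "../config.php",
    "nested/../../config.php",
    "escape.lnk",
    "missing.txt",
]

if __name__ == "__main__":
    root = build_sandbox()
    for name, verdict in audit(root / "uploads", SAMPLE_REQUESTS).items():
        print(f"{name:28s} {verdict}")
```

The order matters: resolve first, compare second. A prefix test on the unresolved string would accept `nested/../../config.php` (no leading `..`) and would also accept a sibling directory such as `uploads_private` because `str(path).startswith("/srv/uploads")` matches it; `Path.relative_to` on resolved paths has neither problem. The symlink case is why normalisation alone is not a fix.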
### Patches
Update to 2.12.0 or later.
### Workarounds
None
### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])
OSV · 2021-01-19 · CVE-2017-1000490 [MEDIUM]
Mautic users able to download any files from server using filemanager (advisory text identical to the GHSA entry above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.