CVE-2022-25768
published 2024-09-18


Priority: P3 37
Severity: medium, 6.5 (CVSS 3.1)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.29% (20.6th percentile)
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.

Affected

8 ranges

Vendor   Product   Version range              Fixed in
acquia   mautic    >= 1.1.3 < 4.4.13          4.4.13
acquia   mautic    >= 5.0.0 < 5.1.1           5.1.1
mautic   core      >= 1.1.3 < 4.4.13          4.4.13
mautic   core      >= 5.0.0-alpha < 5.1.1     5.1.1
mautic   core-lib  >= 1.1.3 < 4.4.13          4.4.13
mautic   core-lib  >= 5.0.0-alpha < 5.1.1     5.1.1
mautic   mautic    >= 1.1.3 < 4.4.13          4.4.13
mautic   mautic    >= 5.0.0 < 5.1.1           5.1.1