Mautic Core vulnerabilities
3 known vulnerabilities affecting mautic/mautic_core.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2024-47051 | P2 | CRITICAL | CVSS 9.9 | CWE-23 | fixed in 5.2.3 | 2025-02-26
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.
* Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file
Source: NVD
CVE-2024-47053 | P3 | HIGH | CVSS 7.7 | CWE-285 | versions >= 1.0.1, < 5.2.3 | 2025-02-26
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.
* Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can a
Source: NVD
CVE-2022-25773 | P4 | MEDIUM | CVSS 5.4 | CWE-22 | fixed in 5.2.3 | 2025-02-26
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
* Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.
Source: NVD