Filtered by vendor Mautic
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27915 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-09-29 | 7.6 High |
| Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. | ||||
| CVE-2022-25775 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-09-23 | 6.6 Medium |
| Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. | ||||
| CVE-2022-25769 | 1 Mautic | 1 Mautic | 2024-09-20 | 7.2 High |
| ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path. | ||||