Description
Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Summary
A non-privileged user can install and remove arbitrary packages via Composer on a Composer-based installation, even if the setting that enables Composer-based updates in the update settings is unticked.
Impact
A low-privileged user of the platform can install malicious code to obtain higher privileges.
Packages
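mautic/core: affected versions >= 4.0.0, < 4.4.18; patched version 4.4.18
mautic/core: affected versions >= 5.0.0, < 5.2.9; patched version 5.2.9
mautic/core: affected versions >= 6.0.0, < 6.0.7; patched version 6.0.7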
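To check whether an installation falls in one of the affected ranges above, the following added example (not part of the advisory or of Mautic's code) reads a composer.lock and reports the patched version to upgrade to. It assumes the lock file lists the core under the package name shown on this page; the function names and the sample lock content are constructed for illustration.

```python
import json
import re

# Affected ranges (inclusive low, exclusive high) from the package list on this page.
# The 4th element marks a final release (1) so pre-releases (0) sort below it.
AFFECTED = [
    ((4, 0, 0, 1), (4, 4, 18, 1)),
    ((5, 0, 0, 1), (5, 2, 9, 1)),
    ((6, 0, 0, 1), (6, 0, 7, 1)),
]
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")

def parse_version(text):
    """Parse 'v5.2.3' or '6.0.7-rc1' into a comparable 4-tuple."""
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        # Branch aliases such as 'dev-main' cannot be placed in a range.
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, 0 if m.group(4) else 1)

def patched_version_for(version_text):
    """Return the patched version if version_text is affected, else None."""
    v = parse_version(version_text)
    for low, high in AFFECTED:
        if low <= v < high:
            return ".".join(str(n) for n in high[:3])
    return None

def check_lock(lock_text, package="mautic/core"):
    """Return (installed_version, patched_or_None), or None if the package is absent."""
    lock = json.loads(lock_text)
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        if entry.get("name") == package:
            return entry["version"], patched_version_for(entry["version"])
    return None

# Constructed sample lock content, not taken from a real installation.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "symfony/console", "version": "v5.4.40"},
    {"name": "mautic/core", "version": "5.2.3"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A pre-release of a patched version (for example 6.0.7-rc1) is reported as affected, because it sorts below the final release named in the range.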