Description
Mautic allows Relative Path Traversal in assets file upload
Summary
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
- Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.
Mitigation
Please update to 5.2.3 or later.
Workarounds
None
References
If you have any questions or comments about this advisory:
Email us at security@mautic.org
Packages
Name: mautic/core (composer)
Affected versions: < 5.2.3
Fixed version: 5.2.3
Related vulnerabilities
CVSS3: 4.3
nvd
12 months ago
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
- Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.