GHSA-jj6w-2cqg-7p94

Опубликовано: 12 апр. 2024

Источник: github

Github: Прошло ревью

CVSS3: 6.6

Описание

Mautic SQL Injection in dynamic Reports

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

References

Ссылки

Пакеты

Наименование

mautic/core

composer

Затронутые версииВерсия исправления

>= 2.14.1, < 4.4.12

4.4.12

Наименование

mautic/core

composer

Затронутые версииВерсия исправления

>= 5.0.0-alpha, < 5.0.4

5.0.4

EPSS

Процентиль: 21%

0.00069

Низкий

6.6 Medium

CVSS3

CVE ID

CVE-2022-25775

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-25775

CVSS3: 6.6

nvd

больше 1 года назад

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

EPSS

Процентиль: 21%

0.00069

Низкий

6.6 Medium

CVSS3

CVE ID

CVE-2022-25775

Дефекты

CWE-89