Количество 2
Количество 2
CVE-2018-10189
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
GHSA-vfxj-qg93-7wwc
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-10189 An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. | CVSS3: 7.5 | 0% Низкий | почти 8 лет назад |
| GHSA-vfxj-qg93-7wwc Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID | CVSS3: 7.5 | 0% Низкий | около 5 лет назад |
Уязвимостей на страницу