Products
Mautic
Source
security@mautic.org
Tags
CVE-2022-25769 details
Published : Sept. 18, 2024, 3:15 p.m.
Last Modified : Sept. 18, 2024, 3:15 p.m.
Last Modified : Sept. 18, 2024, 3:15 p.m.
Description
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.2 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1284 | Improper Validation of Specified Quantity in Input | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.2
Exploitability Score
0.8
Impact Score
5.8
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
References
| URL | Source |
|---|---|
| https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56 | security@mautic.org |
| https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic | security@mautic.org |
This website uses the NVD API, but is not approved or certified by it.