Relative Path Traversal and Arbitrary File Deletion Vulnerability in Mautic
CVE-2021-27916

8.1HIGH

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 17 September 2024

What is CVE-2021-27916?

A vulnerability exists in the Mautic application prior to version 3.3.1 that permits logged-in users to exploit relative path traversal, allowing them to delete arbitrary files outside the designated media folders. This poses a risk not only to user-generated content but potentially to critical system files and libraries. The issue stems from the GrapesJS builder's implementation, highlighting the need for security best practices within content management systems. Organizations using Mautic are advised to update to the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mautic >= 3.3.0 <= 3.3.0

Mautic >= 5.0.0 <= 5.0.0

References

https://github.com/mautic/mautic/security/advisories/GHSA...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2024
Vulnerability Reserved
Mar 2, 2021

Credit

Mattias Michaux

Lenon Leite

Adrian Schimpf

Avikarsha Saha

John Linhart

JSON

Mautic

What is CVE-2021-27916?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.