Incorrect Regular Expression in .htaccess File Can Allow Code Execution
CVE-2022-25769
7.2 HIGH
Key Information:
- Vendor
- Mautic
- Status
- Mautic
- Vendor
- CVE Published: 18 September 2024
Summary
The vulnerability arises from an issue with the default configuration of the .htaccess file in Mautic. The file is designed to restrict access to certain PHP files; however, the implemented logic is flawed. Specifically, the regex pattern in the FilesMatch directive only validates the filename and does not account for the full path to the PHP files. This oversight can lead to unintended access to restricted PHP files, potentially compromising the integrity and confidentiality of the application.
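The following audit sketch is an added example, not Mautic's code or configuration. It models a name-only match, as FilesMatch performs, beside a match on the full request path, and lists the PHP files that only the name-only rule would serve. The allow-listed names `index.php` and `upgrade.php` and the file listing are constructed assumptions.

```python
import posixpath
import re

# Assumed allow-list of intended entry points (constructed for illustration).
ALLOWED_NAMES = r"(index|upgrade)\.php"

# FilesMatch semantics: the regex is tested against the file name only.
BASENAME_RULE = re.compile(rf"^{ALLOWED_NAMES}$")
# Path-aware rule: the same names, anchored to the web root.
FULL_PATH_RULE = re.compile(rf"^/{ALLOWED_NAMES}$")


def allowed_by_basename(url_path: str) -> bool:
    """Model a FilesMatch-style check: only the last path segment is matched."""
    return bool(BASENAME_RULE.match(posixpath.basename(url_path)))


def allowed_by_full_path(url_path: str) -> bool:
    """Model a check that matches the whole normalized request path."""
    return bool(FULL_PATH_RULE.match(posixpath.normpath(url_path)))


def unintended_exposures(paths):
    """Return PHP files the basename rule serves but the path rule would block."""
    return sorted(
        p for p in paths
        if p.endswith(".php")
        and allowed_by_basename(p)
        and not allowed_by_full_path(p)
    )


# Constructed file listing, relative to the web root.
SAMPLE_PATHS = [
    "/index.php",
    "/upgrade.php",
    "/app/config/local.php",
    "/media/files/index.php",
    "/plugins/example/upgrade.php",
    "/vendor/lib/index.php.bak",
]

if __name__ == "__main__":
    for path in unintended_exposures(SAMPLE_PATHS):
        print("reachable by name only:", path)
```

Feeding the function a real listing of a web root, with paths relative to that root, gives a quick inventory of files to review before and after upgrading.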
Affected Version(s)
Mautic < 3.3.5
Mautic < 4.2.0
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mattias Michaux
John Linhart
Zdeno Kuzmany