Logged-in users at risk of SQL injection vulnerability in Mautic Reports bundle
CVE-2022-25775
7.2 HIGH
Key Information
- Vendor: Mautic
- Status
- Mautic
- Vendor
- CVE Published: 18 September 2024
Summary
Prior to the patched version, the Reports bundle in Mautic is vulnerable to SQL injection by logged-in users. Such a user could retrieve and alter data, including sensitive data and logins, and, depending on database permissions, the attacker can manipulate file systems.
Affected Version(s)
Mautic < 2.14.1
Mautic < 5.0.0
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database
Credit
a-solovev
Lenon Leite
John Linhart
John Linhart
Akivarsha Saha