Logged-in users at risk of SQL injection vulnerability in Mautic Reports bundle
CVE-2022-25775
7.2 HIGH
Summary
Logged-in users of Mautic are exposed to a significant security risk due to an SQL injection vulnerability in the Reports bundle. The flaw allows an attacker to retrieve, and potentially alter, sensitive information stored in the database. Depending on the permissions granted to the database user that Mautic connects with, an unauthorized individual could even manipulate the file system, leading to further compromise of the system. Organizations running Mautic should apply the latest patches to mitigate these risks.
Affected Version(s)
Mautic >= 2.14.1 < 2.14.1
Mautic > 5.0.0 < 5.0.0
References
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
a-solovev
Lenon Leite
John Linhart
Akivarsha Saha