Back-End Server-Side Request Forgery Vulnerability in Product Y
CVE-2024-3448

5MEDIUM

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 10 April 2024

Badges

👾 Exploit Exists

Summary

A security vulnerability enables users with low privileges to execute certain AJAX actions without proper authorization. Specifically, an improper configuration allows access to the endpoint ajax?action=plugin:focus:checkIframeAvailability. By leveraging the error messages returned by the server, an attacker can initiate a server-side request forgery (SSRF) attack, which permits them to conduct port scanning on the backend. Currently, there is no patch available to mitigate this security issue, posing a future risk to the application's integrity.

Affected Version(s)

Mautic 0 <= 4.4.9

References

https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47...

exploit

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Apr 10, 2024
👾
Exploit known to exist
Apr 10, 2024
Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Apr 8, 2024

Credit

ZHAW Information Security Research Group