Sensitive Information Disclosure in Mautic by Vulnerable Configuration
CVE-2024-47056
What is CVE-2024-47056?
A security vulnerability in Mautic allows unauthorized access to sensitive .env configuration files via a web browser. This exposure can result in the disclosure of critical information, including database credentials and API keys, due to improper web server configurations that fail to restrict access to these files. An attacker can view the contents of the .env file simply by navigating to its URL. To mitigate this vulnerability, users should update to the latest version of Mautic and ensure proper web server configurations are in place. For Apache, configure .htaccess files appropriately, and for Nginx, add specific rules to deny access to .env files.
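One way to express the Nginx rule described above, shown in the context of a server block. This is an added example, not configuration from the Mautic project or its advisory; the server name, document root and PHP-FPM socket path are placeholder assumptions.

```nginx
# Constructed example: hostname, root and socket path are placeholders.
server {
    listen 80;
    server_name mautic.example.test;   # placeholder hostname
    root /var/www/mautic;              # placeholder document root
    index index.php;

    # Deny any request whose path contains "/.env". The pattern is
    # unanchored at the end, so variants such as .env.local or
    # .env.bak are covered too. Regex locations are evaluated in the
    # order they appear, so keep this one above other regex locations.
    location ~ /\.env {
        deny all;          # answers 403 Forbidden
        access_log off;    # optional: keep scanner noise out of the access log
    }

    # Application front controller (generic PHP layout, assumed).
    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket
    }
}
```

After reloading Nginx, requesting `/.env` on your own deployment (for example with `curl -I`) should return 403 rather than the file contents. A prefix location declared with `^~` that covers the same path is chosen before any regex location, so check that none shadows this rule.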

Affected Version(s)
Mautic > 4.4.0
