PT-2018-9742 · Mautic · Mautic

Micschk · Published 2018-04-17 · Updated 2021-01-19 · CVE-2018-10189

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mautic versions 1.x and 2.x before 2.13.0
Description: An issue was discovered in Mautic where it is possible to systematically emulate tracking cookies per contact, because the contact is tracked by its auto-incremented ID. A third party can increment the cookie value by 1 to be tracked, in turn, as each contact in Mautic. It is then possible to retrieve information about that contact through forms that have progressive profiling enabled.
Recommendations: Update to 2.13.0 or later. As a temporary workaround, consider restricting access to forms with progressive profiling enabled until the update is applied.
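To make the weakness concrete, the following added example (not Mautic's code; the contact records, IDs and function names are constructed for illustration) contrasts a tracking cookie derived from a sequential contact ID with one that is an opaque random token looked up server-side, so that neighbouring contacts cannot be reached by adjusting the cookie value.

```python
import secrets

# Constructed contact store with auto-incremented IDs, as in the advisory.
CONTACTS = {
    1001: {"email": "alice@example.invalid", "company": "Acme"},
    1002: {"email": "bob@example.invalid", "company": "Initech"},
}


def issue_cookie_weak(contact_id):
    """Vulnerable pattern: the tracking cookie is just the sequential contact ID."""
    return str(contact_id)


def resolve_weak(cookie):
    """Any integer-looking cookie resolves to a contact, so cookie + 1 walks the table."""
    try:
        return CONTACTS.get(int(cookie))
    except ValueError:
        return None


# Hardened pattern: a random, unguessable token mapped to the contact server-side.
# Nothing about the contact ID is derivable from the token, and a token that was
# never issued resolves to nothing.
SESSION_INDEX = {}


def issue_cookie_hardened(contact_id):
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    SESSION_INDEX[token] = contact_id
    return token


def resolve_hardened(cookie):
    contact_id = SESSION_INDEX.get(cookie)
    return CONTACTS.get(contact_id) if contact_id is not None else None


def cookie_looks_sequential(cookie):
    """Defender-side check: flag tracking cookies that are plain short integers."""
    return cookie.isdigit() and len(cookie) <= 12
```

A progressive-profiling endpoint that pre-fills fields from `resolve_hardened` instead of `resolve_weak` no longer discloses the next contact's data to whoever changes the cookie.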

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2018-10189
GHSA-VFXJ-QG93-7WWC

Affected Products

Mautic