
A-Solovev

#19838 of 53,633
13.1 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-11537
6.6
2024-04-12
Mautic · Mautic · CVE-2022-25775
**Name of the Vulnerable Software and Affected Versions**

- Mautic versions prior to 4.4.12
- Mautic versions prior to 5.0.4

**Description**

The issue affects logged-in users of Mautic, making them vulnerable to an SQL injection vulnerability in the Reports bundle. This vulnerability allows an attacker to retrieve and alter sensitive data, including login information. Depending on the database permissions, the attacker may also be able to manipulate file systems.

**Recommendations**

- Update to version 4.4.12 or later.
- Update to version 5.0.4 or later.
- As a temporary workaround, consider restricting access to the Reports bundle until a patch is applied.
PT-2024-11539
6.5
2024-04-12
Mautic · Mautic · CVE-2022-25777
**Name of the Vulnerable Software and Affected Versions**

- Mautic versions prior to 4.4.12
- Mautic versions prior to 5.0.4

**Description**

An authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. This issue allows an attacker to access sensitive information.

**Recommendations**

- Update to version 4.4.12 or later.
- Update to version 5.0.4 or later.