Mattias Michaux

**Name of the Vulnerable Software and Affected Versions** Mautic versions prior to 4.4.13 Mautic versions prior to 5.1.1 **Description** The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to the patch being applied, it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required. **Recommendations** Upgrade to version 4.4.13 or later. Upgrade to version 5.1.1 or later. As a temporary workaround, consider disabling the update process via the user interface until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mautic (affected versions not specified) **Description** The upgrade logic in Mautic's application update via an upgrade script is not properly shielded, potentially leading to a vulnerable situation. However, this issue is mitigated by the fact that Mautic must be installed in a specific way to be vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mautic versions prior to 4.4.12 Mautic versions prior to 5.0.4 **Description** Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. **Recommendations** Update to version 4.4.12 or later. Update to version 5.0.4 or later. As a temporary workaround, consider restricting access to the GrapesJS builder in Mautic until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mautic versions prior to 3.3.5 Mautic versions prior to 4.2.0 **Description** The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. However, the regex in the second FilesMatch only checks the filename, not the full path, which is incorrect logic. This issue can enable local host attacks due to an improper validation flaw. **Recommendations** For Mautic versions prior to 3.3.5, please upgrade to version 3.3.5 or later. For Mautic versions prior to 4.2.0, please upgrade to version 4.2.0 or later. As a temporary workaround, consider restricting access to the .htaccess file until a patch is applied.