PT-2018-18426 · Mautic · Mautic

Joanbono

·

Published

2018-04-18

·

Updated

2021-01-19

·

CVE-2018-8092

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 2.13.0
Description: The issue allows for CSV injection with exported contact lists. This can be exploited when a user exports contact lists.
Recommendations: For versions prior to 2.13.0, update to 2.13.0 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1236

Related Identifiers

CVE-2018-8092
GHSA-29V9-2FPX-J5G9

Affected Products

Mautic