PT-2018-5254 · Mautic · Mautic

Pahan12

Published

2018-01-03

Updated

2021-01-25

CVE-2017-1000490

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mautic versions 1.0.0 through 2.11.0

Description The issue allows any authorized Mautic user session to use the Filemanager to download any file from the server that the web user has access to, given that the user is logged into Mautic.

Recommendations Update to version 2.12.0 or later.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-1000490

GHSA-QPGW-2C72-4C89

Affected Products

Mautic

PT-2018-5254 · Mautic · Mautic

CVE-2017-1000490

Weakness Enumeration

Related Identifiers

Affected Products

References · 7