PT-2025-7708 · Mattermost · Mattermost
Visat · Published 2025-02-24 · Updated 2025-03-01 · CVE-2025-24490
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Mattermost versions 9.11.x through 9.11.7
Mattermost versions 10.2.x through 10.2.2
Mattermost versions 10.3.x through 10.3.2
Mattermost versions 10.4.x through 10.4.1
Description
The issue allows an attacker to retrieve data from the database via SQL injection when reordering specially crafted Boards categories, because the SQL query used for board reordering does not use prepared statements.
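As an added illustration of the bug class named above (not code from the advisory or from Mattermost), the following Python uses sqlite3 as a stand-in database: the hypothetical reorder_vulnerable splices request-supplied board IDs into the SQL text, while reorder_safe binds them as parameters. The table and column names are constructed.

```python
import sqlite3

# Constructed sample data: one Boards category holding three boards in sort order.
SAMPLE_BOARDS = [("cat-1", "board-a", 0), ("cat-1", "board-b", 1), ("cat-1", "board-c", 2)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE category_boards (category_id TEXT, board_id TEXT, sort_order INTEGER)")
    conn.executemany("INSERT INTO category_boards VALUES (?, ?, ?)", SAMPLE_BOARDS)
    return conn

def reorder_vulnerable(conn, category_id, board_ids):
    # Hypothetical shape of the bug class: request-supplied IDs are spliced into the
    # SQL text, so the database parses them as SQL grammar rather than as bound data.
    cases = " ".join(f"WHEN '{b}' THEN {i}" for i, b in enumerate(board_ids))
    sql = (f"UPDATE category_boards SET sort_order = CASE board_id {cases} ELSE sort_order END "
           f"WHERE category_id = '{category_id}'")
    return conn.execute(sql).rowcount

def reorder_safe(conn, category_id, board_ids):
    # Hardened form: the statement shape is fixed in code; every value is bound via '?'.
    cases = " ".join("WHEN ? THEN ?" for _ in board_ids)
    params = [v for i, b in enumerate(board_ids) for v in (b, i)] + [category_id]
    sql = (f"UPDATE category_boards SET sort_order = CASE board_id {cases} ELSE sort_order END "
           "WHERE category_id = ?")
    return conn.execute(sql, params).rowcount

def order_of(conn, category_id):
    rows = conn.execute("SELECT board_id FROM category_boards WHERE category_id = ? "
                        "ORDER BY sort_order, board_id", (category_id,))
    return [r[0] for r in rows]

def demo(board_ids):
    """Run one reorder request through both versions and report how each treats the input."""
    results = {}
    for name, reorder in (("vulnerable", reorder_vulnerable), ("safe", reorder_safe)):
        conn = make_db()
        try:
            reorder(conn, "cat-1", board_ids)
            results[name] = order_of(conn, "cat-1")
        except sqlite3.Error as exc:
            # Only the interpolating version can land here: the ID reached the SQL parser.
            results[name] = f"sql error: {exc}"
    return results

if __name__ == "__main__":
    print(demo(["board-c", "board-a", "board-b"]))   # both versions reorder as requested
    print(demo(["board-c'", "board-a", "board-b"]))  # a quote in an ID: only the vulnerable one breaks
```

With a quote character in one ID, the interpolating version fails with a SQL syntax error (proof the value was parsed as SQL), while the parameterized version simply matches no row for that ID and leaves its sort order unchanged.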
Recommendations
For versions 9.11.x through 9.11.7, update to a version that includes the fix for this issue.
For versions 10.2.x through 10.2.2, update to a version that includes the fix for this issue.
For versions 10.3.x through 10.3.2, update to a version that includes the fix for this issue.
For versions 10.4.x through 10.4.1, update to a version that includes the fix for this issue.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost