Marketing Automation

In Mautic versions before 5.2.3 two critical security vulnerabilities CVE-2024-47051 were detected. These vulnerabilities allow authenticated users to execute remote code via asset upload by bypassing file extension restrictions and to delete arbitrary files through a path traversal flaw. To address this issues, users should upgrade Mautic to versions 5.2.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47051.

In Mautic versions from 1.0.0-beta2 to 4.4.11 a critical severity vulnerability CVE-2021-27915 was detected. This vulnerability allows logged-in users with appropriate permissions to exploit XSS vulnerabilities in the description fields. This could result in elevated access to the system. To fix this issue, upgrade to version 4.4.12 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27915.

In Mautic versions 1.0.0-beta4 to 4.4.12 and 5.0.0-alpha to 5.1.0 (mautic/core and mautic/core-lib via Composer) a high severity vulnerability (CVE-2021-27917) was detected. This stored XSS vulnerability allows attackers to inject malicious scripts into the contact tracking and page hits report, potentially compromising sensitive data. To fix this issue, users must upgrade to versions 4.4.13 or 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-27917.

In Mautic versions 1.0.2 to 4.4.11 and 5.0.0-alpha to 5.0.3 a high severity vulnerability CVE-2022-25776 was detected. This vulnerability allows attackers to access restricted areas of the application, potentially exposing sensitive data such as names, surnames, company names, and stage names. To fix this issue, users must upgrade to version 4.4.12 or 5.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-25776.

In Mautic versions 2.14.1 before 4.4.12, and 5.0.0 before 5.0.4 a high severity vulnerability CVE-2024-25775 was detected. This vulnerability allows attackers to redirect users to fake websites, where they could steal personal information or take over user accounts. To fix this issue, users should upgrade Mautic to versions 4.4.12, 5.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25775.

In Mautic versions >= 1.0.0-beta3 a high severity vulnerability CVE-2024-25770 was detected. This vulnerability allows attackers to exploit the upgrade process, potentially leading to unauthorized changes in the system or creating security risks if the application is installed in a vulnerable way. To fix this issue, users should upgrade Mautic to versions 4.4.13, and 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25770.

In Mautic versions < 3.3.5, < 4.2.0 a medium severity vulnerability CVE-2024-25769 was detected. This vulnerability allows attackers to potentially execute unauthorized PHP files within the application, which could lead to a range of security issues, including data theft or system compromise. To fix this issue, users should upgrade Mautic to versions 3.3.5, and 4.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25769.

In Mautic versions >= 1.1.3 a high severity vulnerability CVE-2024-25768 was detected. This vulnerability allows attackers to potentially access sensitive information or execute unauthorized actions within the application, which could result in data breaches or system malfunctions. To fix this issue, users should upgrade Mautic to versions 4.4.13 and 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25768.

In Mautic versions 5.1.0 to 5.1.1 a medium severity vulnerability CVE-2024-47059 was detected. This vulnerability allows attackers to infer whether a username is valid based on differing error messages for incorrect usernames and weak passwords. To fix this issue, users must upgrade to version 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47059.