A medium-severity vulnerability, CVE-2024-2731, was detected in Mautic. Users with low privileges, even with all permissions deselected, can access pages that reveal sensitive data such as company names, users' names and surnames, stage names, monitoring campaigns, and their descriptions. Additionally, unprivileged users can view and modify tag descriptions. At the time of publication of the CVE, no patch is available. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2731/.
A medium-severity vulnerability, CVE-2024-3448, was detected in Mautic. This vulnerability allows users with low privileges to improperly perform certain AJAX actions, resulting in a Server-Side Request Forgery. Attackers can exploit this vulnerability to analyze error messages and conduct a port scan in the back-end. At the time of publication of the CVE, no patch is available. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3448/.