In Mautic versions 2.14.1 before 4.4.12, and 5.0.0 before 5.0.4 a high severity vulnerability CVE-2024-25775 was detected. This vulnerability allows attackers to redirect users to fake websites, where they could steal personal information or take over user accounts. To fix this issue, users should upgrade Mautic to versions 4.4.12, 5.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25775.
Read more Marketing Automation
In Mautic versions >= 1.0.0-beta3 a high severity vulnerability CVE-2024-25770 was detected. This vulnerability allows attackers to exploit the upgrade process, potentially leading to unauthorized changes in the system or creating security risks if the application is installed in a vulnerable way. To fix this issue, users should upgrade Mautic to versions 4.4.13, and 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25770.
Read more Marketing Automation
In Mautic versions < 3.3.5, < 4.2.0 a medium severity vulnerability CVE-2024-25769 was detected. This vulnerability allows attackers to potentially execute unauthorized PHP files within the application, which could lead to a range of security issues, including data theft or system compromise. To fix this issue, users should upgrade Mautic to versions 3.3.5, and 4.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25769.
Read more Marketing Automation
In Mautic versions >= 1.1.3 a high severity vulnerability CVE-2024-25768 was detected. This vulnerability allows attackers to potentially access sensitive information or execute unauthorized actions within the application, which could result in data breaches or system malfunctions. To fix this issue, users should upgrade Mautic to versions 4.4.13 and 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-25768.
Read more Marketing Automation
In Mautic versions 5.1.0 to 5.1.1 a medium severity vulnerability CVE-2024-47059 was detected. This vulnerability allows attackers to infer whether a username is valid based on differing error messages for incorrect usernames and weak passwords. To fix this issue, users must upgrade to version 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47059.
Read more Marketing Automation
In Mautic versions 1.0.0-beta4 to 4.4.11 and 5.0.0-alpha to 5.0.3 a medium severity vulnerability CVE-2022-25777 was detected. This vulnerability allows attackers to read system files and access internal addresses via a Server-Side Request Forgery (SSRF) flaw. To fix this issue, users must upgrade to version 4.4.12 or 5.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-25777.
Read more Marketing Automation
In versions 2.5.303 of Wiki.js a medium severity vulnerability CVE-2024-45298 was detected. This vulnerability allows attackers to bypass account disabling by requesting a password reset. To fix this issue, all users are advised to upgrade to version 2.5.304, as there are no known workarounds for this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45298.
Read more CMS
In Mautic versions below 1.0.0 and 5.0.0 a low severity vulnerability CVE-2024-47058 was detected. This vulnerability allows attackers with access to edit a Mautic form to insert Cross-Site Scripting into the HTML field, potentially enabling the theft of sensitive information from the user’s current session. To fix this issue, users must upgrade to version 4.4.13, 5.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47058.
Read more Marketing Automation
In Mautic versions below 2.6.0 and 5.0.0 a medium severity vulnerability CVE-2024-47050 was detected. This vulnerability allows attackers to exploit Cross-Site Scripting through the Page URL variable. To fix this issue, users must upgrade to versions 4.4.13 or 5.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47050.
Read more Marketing Automation