Lucene search
MitreCVELIST:CVE-2018-10189HistoryOct 03, 2022 - 4:22 p.m.
CVE-2018-10189
2022-10-0316:22:15
mitre
www.cve.org
mautic
tracking cookies
third party manipulation
progressive profiling
0.002 Low
EPSS
Percentile
51.5%
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
Related
osv
osv
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
2021-01-19 21:16:21
CVE-2018-10189
2018-04-17 20:29:00
nvd
nvd
CVE-2018-10189
2018-04-17 20:29:00
openvas
openvas
Mautic 2.12 Information Disclosure Vulnerability
2018-04-19 00:00:00
github
github
cve
cve
CVE-2018-10189
2022-10-03 16:22:15
veracode
veracode
Information DIsclosure
2021-01-20 18:06:02
prion
prion
Design/Logic Flaw
2018-04-17 20:29:00