Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
Update to 4.4.12 or 5.0.4
None
If you have any questions or comments about this advisory:
Email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| | mautic/core | lt | 5.0.4 |
| | mautic/core | ge | 1.0.0-beta4 |
| | mautic/core | lt | 4.4.12 |