12 matches found
CVE-2026-3105
SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
Summary This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validate...
GHSA-R5J5-Q42H-FC93 Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
Summary This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validate...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the ORDER BY parameter supplied to the getTimelineResults function via the Contact Activity timeline API endpoint. Remediation Upgrade mautic/core-lib to version 5.2.10, 6.0.8, 7.0.1 or higher. References - GitHub Commi...
EUVD-2026-8548
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting...
CVE-2026-3105
SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...
CVE-2026-3105 SQL Injection in Contact Activity API Sorting
SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...
CVE-2026-3105 SQL Injection in Contact Activity API Sorting
SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...
CVE-2026-3105
CVE-2026-3105 — Mautic is affected by a SQL injection vulnerability in the API endpoint that retrieves Contact Activity data. The root cause is improper validation of the sort direction parameter in the query construction for the Contact Activity timeline, allowing an authenticated user to inject...
CVE-2026-3105
SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...
PT-2026-21791
Name of the Vulnerable Software and Affected Versions Mautic versions prior to 4.4.19 Mautic versions prior to 5.2.10 Mautic versions prior to 6.0.8 Mautic versions prior to 7.0.1 Description A SQL injection issue exists in the API endpoint used for retrieving contact activities. The vulnerabilit...
CVE-2021-0444
In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8...