2 matches found
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
PT-2024-25931 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: The issue allows users with low privileges to perform certain AJAX actions, leading to improper access to...