2 matches found
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
CVE-2024-3448
CVE-2024-3448 affects Mautic, where users with low privileges can exploit improper access to ajax?action=plugin:focus:checkIframeAvailability to trigger a server-side request forgery. The flaw allows an attacker to analyze backend error messages and perform a back-end port scan. Public details in...