15 matches found
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
GHSA-5XW2-57JX-PGJP GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
The CVE-2025-13827 entry concerns GrapesJS Builder in Mautic, where file upload is not restricted by type, allowing arbitrary files to be uploaded. The underlying issue is that the media folder may execute uploaded files, potentially enabling remote code execution (RCE). Affected components are t...
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact If the media folder is not restricted from running files this can lead to a remote code execution...
PT-2025-48723
Name of the Vulnerable Software and Affected Versions GrapesJS affected versions not specified Description The GrapesJS Builder allows the upload of arbitrary files due to a lack of file type restrictions. If the media folder is not configured to prevent file execution, this could lead to remote...
EUVD-2024-1171
Malicious code in bioql PyPI...
CVE-2021-27916
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files...
CVE-2021-27916 Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files...
CVE-2021-27916 Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files...
Path Traversal
mautic/core is vulnerable to Path Traversal. The vulnerability is due to inadequate input validation in the GrapesJS builder implementation within FileManagerController.php, allowing logged-in users to delete critical files outside media folders...
PT-2024-10912 · Mautic +1 · Mautic +1
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12 Mautic versions prior to 5.0.4 Description: Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mauti...