12 matches found

Snyk
added 2026/05/29 11:36 a.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of user-supplied URLs in the Focus component. An attacker can cause the server to send HTTP requests to internal or external destinations by supplying crafted URLs. This can...

CVSS 7.1 · AI score 5.8 · EPSS 0.00028
Exploits: 0 · References: 2
Snyk
added 2025/12/02 5:42 p.m. · 3 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the GrapesJsBuilder file upload process. An attacker can execute arbitrary code on the server by uploading malicious files without restriction. Note: This is only exploitable if the media folder is not restrict...

CVSS 8.8 · AI score 7.9 · EPSS 0.00437
Exploits: 0 · References: 2
Veracode
added 2025/10/03 5:22 a.m. · 21 views

User Enumeration

mautic/core is vulnerable to user enumeration. The vulnerability is due to differing response times between valid and invalid usernames, which allows an attacker to enumerate valid accounts and subsequently attempt brute-force attacks...

CVSS 5.9 · AI score 7 · EPSS 0.00076
Exploits: 0 · References: 5 · Affected Software: 1
Veracode
added 2025/10/03 4:28 a.m. · 6 views

Improper Access Control

mautic/core is vulnerable to improper access control. The vulnerability is due to insufficient restriction on configuration access, which allows an administrator to extract sensitive information such as database credentials...

CVSS 5.5 · AI score 6.7 · EPSS 0.00065
Exploits: 0 · References: 5 · Affected Software: 1
Veracode
added 2025/10/03 3:40 a.m. · 5 views

Cross Site Scripting (XSS)

mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized user-supplied input in the "Tags" field of the /s/ajax?action=lead:addLeadTags endpoint being reflected in the server response, which allows an attacker to execute arbitrary JavaScript in the victim's...

CVSS 4.8 · AI score 6.7 · EPSS 0.00088
Exploits: 0 · References: 3 · Affected Software: 1
Veracode
added 2025/05/29 6:28 p.m. · 3 views

Username Enumeration

mautic/core is vulnerable to User Enumeration. The vulnerability is due to differences in response times between valid and invalid usernames in the "Forget your password" functionality, which allows an attacker to determine the existence of valid usernames...

CVSS 5.3 · AI score 6.5 · EPSS 0.00242
Exploits: 0 · References: 3 · Affected Software: 1
Veracode
added 2025/05/29 5:27 p.m. · 8 views

Sensitive Information Disclosure

mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unauthenticated arbitrary file access caused by missing web server restrictions on .env files, allowing attackers to directly view sensitive configuration via a browser...

CVSS 5.1 · AI score 6.7 · EPSS 0.00049
Exploits: 0 · References: 3 · Affected Software: 1
Veracode
added 2024/09/24 6:15 a.m. · 7 views

Arbitrary Code Execution

mautic/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation and access control during the execution of the upgrade script, allowing an attacker to execute arbitrary code during the upgrade process...

CVSS 7.8 · AI score 7.8 · EPSS 0.00296
Exploits: 0 · References: 4 · Affected Software: 1
Veracode
added 2024/09/23 5:20 a.m. · 9 views

Username Enumeration

mautic/core is vulnerable to Username Enumeration. The vulnerability is due to inconsistent error messages that differentiate between incorrect usernames and weak passwords, allowing attackers to infer valid usernames...

CVSS 4.3 · AI score 6.7 · EPSS 0.00422
Exploits: 0 · References: 3 · Affected Software: 1
Snyk
added 2024/09/18 10:06 p.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to insufficient authentication in the upgrade flow. An attacker can bypass access restrictions and perform unauthorized actions by exploiting the unprotected upgrade logic. Remediation...

CVSS 7.8 · AI score 7.2 · EPSS 0.00296
Exploits: 0 · References: 2
Friends Of PHP
added 1970/01/01 12:00 a.m. · 19 views

Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

AI score 7.2
Exploits: 0 · Affected Software: 1
Friends Of PHP
added 1970/01/01 12:00 a.m. · 20 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow unauthorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

CVSS 9.6 · AI score 7.2 · EPSS 0.01246
Exploits: 1 · Affected Software: 1