Information Disclosure

mautic/core is vulnerable to information disclosure. The vulnerability exists due to configurations allowing other Symfony parameters to be exposed publicly in the free text fields...

Secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...