GHSA-5hc5-fxr9-5frc – mautic/core

Package

Manager: composer
Name: mautic/core
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Mautic has insufficient authentication in upgrade flow # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references. # Original Description Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

Metadata

Created: 2024-09-19T00:31:32Z
Modified: 2025-02-21T21:43:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-5hc5-fxr9-5frc/GHSA-5hc5-fxr9-5frc.json
CWE IDs: ["CWE-306"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0