Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/releases/tag/2.12.0 | Exploit Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:10
Updated: 2022-10-03T16:23:10
Reserved: 2022-10-03T00:00:00
Link: CVE-2017-1000490
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-01-03T17:29:00.243
Modified: 2021-01-25T16:51:54.423
Link: CVE-2017-1000490
JSON object: View
Redhat Information
No data.
CWE