Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-8vff-35qm-qjvv

GitHub Security Advisory

Mautic allows users enumeration due to weak password login

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Summary

When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.

However when an incorrect username is provided along side with weak password, the application responds with ’Invalid credentials’ notification.

This difference could be used to perform username enumeration.

### Patches

Update to 5.1.1 or later.

If you have any questions or comments about this advisory:

Email us at [[email protected]](mailto:[email protected])

Affected Packages

Packagist mautic/core

Affected versions: 5.1.0 (fixed in 5.1.1)

Related CVEs

CVE-2024-47059

Key Information

GHSA ID

GHSA-8vff-35qm-qjvv

Published

September 18, 2024 10:10 PM

Last Modified

September 19, 2024 9:48 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

mautic/core

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.