GHSA-jj6w-2cqg-7p94

GitHub Security Advisory

Mautic SQL Injection in dynamic Reports

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
Prior to the patched version, the Reports bundle of Mautic is vulnerable to SQL injection by logged-in users.

A logged-in user could retrieve and alter data, such as sensitive data and login information, and, depending on database permissions, manipulate the file system.

### Patches
Update to 4.4.12 or 5.0.4

### Workarounds
No

### References
- https://owasp.org/www-community/attacks/SQL_Injection
- https://owasp.org/www-community/attacks/Blind_SQL_Injection

Affected Packages

Packagist mautic/core
Affected versions: 2.14.1 (fixed in 4.4.12)
Packagist mautic/core
Affected versions: 5.0.0-alpha (fixed in 5.0.4)

Related CVEs

Key Information

GHSA ID: GHSA-jj6w-2cqg-7p94
Published: April 12, 2024 5:25 PM
Last Modified: September 18, 2024 4:56 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: mautic/core
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.