Known Vulnerabilities
CVE-2024-47050
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
MEDIUM
CVSS 5.4
Published Sep 18, 2024
CVE-2022-25777
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
MEDIUM
CVSS 6.5
Published Sep 18, 2024
CVE-2022-25775
Prior to the patched version, logged-in users of Mautic are vulnerable to SQL injection in the Reports bundle. The user could retrieve and alter data, such as sensitive data and login data, and, depending on database permissions, the attacker can manipulate file systems.
MEDIUM
CVSS 6.6
Published Sep 18, 2024