Headline

GHSA-jj6w-2cqg-7p94: Mautic SQL Injection in dynamic Reports

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

References

https://owasp.org/www-community/attacks/SQL_Injection
https://owasp.org/www-community/attacks/Blind_SQL_Injection

7 months ago

ghsa

Open in Source

#sql #vulnerability #git

Package

composer mautic/core (Composer)

Affected versions

>= 2.14.1, < 4.4.12

>= 5.0.0-alpha, < 5.0.4

Patched versions

4.4.12

5.0.4

Description

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

References

https://owasp.org/www-community/attacks/SQL_Injection
https://owasp.org/www-community/attacks/Blind_SQL_Injection

References

GHSA-jj6w-2cqg-7p94
mautic/mautic@cab65e0
mautic/mautic@e75b1ee

RCheesley published to mautic/mautic

Apr 11, 2024

Published to the GitHub Advisory Database

Apr 12, 2024

Reviewed

Apr 12, 2024

Last updated

Apr 12, 2024

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

2 days ago

ghsa

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

2 days ago

ghsa

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

2 days ago

ghsa

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

2 days ago

ghsa

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

2 days ago

ghsa