Headline

GHSA-jj6w-2cqg-7p94: Mautic SQL Injection in dynamic Reports

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

References

https://owasp.org/www-community/attacks/SQL_Injection
https://owasp.org/www-community/attacks/Blind_SQL_Injection

6 months ago

ghsa

Open in Source

#sql #vulnerability #git

Package

composer mautic/core (Composer)

Affected versions

>= 2.14.1, < 4.4.12

>= 5.0.0-alpha, < 5.0.4

Patched versions

4.4.12

5.0.4

Description

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

References

https://owasp.org/www-community/attacks/SQL_Injection
https://owasp.org/www-community/attacks/Blind_SQL_Injection

References

GHSA-jj6w-2cqg-7p94
mautic/mautic@cab65e0
mautic/mautic@e75b1ee

RCheesley published to mautic/mautic

Apr 11, 2024

Published to the GitHub Advisory Database

Apr 12, 2024

Reviewed

Apr 12, 2024

Last updated

Apr 12, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

6 hours ago

ghsa

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

6 hours ago

ghsa

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

6 hours ago

ghsa

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

6 hours ago

ghsa

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

10 hours ago

ghsa