Headline
GHSA-4w2w-36vm-c8hf: Mautic allows Relative Path Traversal in assets file upload
Summary
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
- Improper Limitation of a Pathname to a Restricted Directory (CWE-22): the asset upload functionality does not adequately restrict the destination path derived from the upload, so a relative path traversal sequence in the supplied name can cause the uploaded file to be written to a directory outside of the intended temporary directory.
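The pattern behind this class of bug, shown as an added example in Python rather than as Mautic's own code: a client-controlled name is joined onto the upload directory and used as-is, so `../` sequences (or an absolute name) move the written file out of the directory, while the hardened version rejects anything but a bare file name and re-checks containment after resolving symlinks and `..`. The function names, the scratch directory, and the sample file names are assumptions for the demonstration and appear nowhere in the advisory.

```python
import os
import tempfile


def untrusted_destination(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: the client-supplied name is joined onto the
    upload directory and used as-is. A name such as '../../x' walks out of
    base_dir, and an absolute name replaces base_dir entirely."""
    return os.path.realpath(os.path.join(base_dir, user_path))


def is_within(base_dir: str, candidate: str) -> bool:
    """True if candidate, after resolving '..' and symlinks, lies under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(candidate)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # different drives on Windows share no common path
        return False


def safe_destination(base_dir: str, user_name: str) -> str:
    """Hardened version: accept a bare file name only (no separators, no
    '.'/'..', no NUL), then confirm the resolved path is still inside base_dir."""
    if (not user_name or user_name in (".", "..") or "\x00" in user_name
            or "/" in user_name or "\\" in user_name):
        raise ValueError(f"rejected upload name: {user_name!r}")
    target = os.path.join(os.path.realpath(base_dir), user_name)
    if not is_within(base_dir, target):
        raise ValueError(f"upload escapes {base_dir}: {target}")
    return target


def store_upload(base_dir: str, user_name: str, data: bytes) -> str:
    """Write the upload only after the destination has passed safe_destination."""
    target = safe_destination(base_dir, user_name)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    # Constructed scenario: a scratch directory stands in for the asset temp dir.
    base = tempfile.mkdtemp(prefix="asset-tmp-")
    results = {"base": os.path.realpath(base)}

    # Vulnerable join: traversal and absolute names both leave the directory.
    traversal = untrusted_destination(base, "../../../../tmp/shell.php")
    results["vulnerable_escapes"] = not is_within(base, traversal)
    absolute = untrusted_destination(base, "/etc/passwd")
    results["absolute_escapes"] = not is_within(base, absolute)

    # Hardened path: the same traversal name is refused outright.
    try:
        safe_destination(base, "../../../../tmp/shell.php")
        results["hardened_rejects"] = False
    except ValueError:
        results["hardened_rejects"] = True

    # A plain file name is stored, and it lands inside the directory.
    results["stored"] = store_upload(base, "brochure.pdf", b"%PDF-1.4 constructed sample")
    results["stored_inside"] = is_within(base, results["stored"])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Rejecting rather than normalising the name (stripping to a basename) is deliberate: silently rewriting `../../shell.php` to `shell.php` hides an attack that should be logged, and the separate `is_within` check catches cases the name filter cannot see, such as a symlink already present under the upload directory.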
Mitigation
Please update to 5.2.3 or later.
Workarounds
None
References
If you have any questions or comments about this advisory:
Email us at [email protected]
- CVE-2022-25773
Moderate severity. GitHub Reviewed. Published Feb 25, 2025 in mautic/mautic.
Package
Affected versions
< 5.2.3
References
- GHSA-4w2w-36vm-c8hf
- mautic/mautic@e6aaad9
Published to the GitHub Advisory Database
Feb 26, 2025