CVE-2017-1000490

MEDIUM

Mautic 1.0.0-2.11.0 - Authenticated Path Traversal via Filemanager

Title source: llm

Description

Mautic versions 1.0.0 through 2.11.0 allow any authenticated Mautic user (a logged-in Mautic session is required) to use the Filemanager to download any file from the server that the web user has access to.

References (1)

Core References
Exploit, Release Notes, Third Party Advisory (x_refsource_confirm)
https://github.com/mautic/mautic/releases/tag/2.12.0

Scores

CVSS v3 6.5
EPSS 0.0140
EPSS Percentile 69.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (47)
acquia/mautic 1.0.1
acquia/mautic 1.0.2
acquia/mautic 1.0.3
acquia/mautic 1.0.4
acquia/mautic 1.0.5
acquia/mautic 1.1.0
acquia/mautic 1.1.1
acquia/mautic 1.1.2
acquia/mautic 1.1.3
acquia/mautic 1.2.0 beta1
... and 37 more
Published Jan 03, 2018
Tracked Since Feb 18, 2026