CVE-2017-1000490
MEDIUMMautic 1.0.0-2.11.0 - Authenticated Path Traversal via Filemanager
Title source: llmDescription
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
References (1)
Core 1
Core References
Exploit, Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/mautic/mautic/releases/tag/2.12.0
Scores
CVSS v3
6.5
EPSS
0.0140
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (47)
acquia/mautic
1.0.1
acquia/mautic
1.0.2
acquia/mautic
1.0.3
acquia/mautic
1.0.4
acquia/mautic
1.0.5
acquia/mautic
1.1.0
acquia/mautic
1.1.1
acquia/mautic
1.1.2
acquia/mautic
1.1.3
acquia/mautic
1.2.0 beta1
... and 37 more
Published
Jan 03, 2018
Tracked Since
Feb 18, 2026