CVE-2017-8874

HIGH

Mautic 1.4.1 - Cross-Site Request Forgery in Email Campaign and Contact Deletion

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/mautic/mautic/issues/3486

Scores

CVSS v3 8.8
EPSS 0.0076
EPSS Percentile 50.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
acquia/mautic 1.4.1
mautic/core Packagist
Published May 10, 2017
Tracked Since Feb 18, 2026