CVE-2017-8874
HIGHMautic 1.4.1 - Cross-Site Request Forgery in Email Campaign and Contact Deletion
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/mautic/mautic/issues/3486
Scores
CVSS v3
8.8
EPSS
0.0076
EPSS Percentile
50.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
acquia/mautic
1.4.1
mautic/core
Packagist
Published
May 10, 2017
Tracked Since
Feb 18, 2026