CVE-2024-2730

MEDIUM

Mautic - Info Disclosure

Title source: llm

Description

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9

Scores

CVSS v3 5.3

EPSS 0.0032

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-425

Status published

Products (1)

Mautic/Mautic < 4.4.9

Published Apr 10, 2024

Tracked Since Feb 18, 2026