CVE-2024-2730
MEDIUM
Mautic < 4.4.9 - Unauthenticated Sensitive Data Exposure via Predictable Landing Page Indices
Title source: llm
Description
Mautic uses predictable page indices for unpublished landing pages, so their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE, no patch is available.
References (1)
Core References
Exploit, Third Party Advisory exploit
https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9
Scores
CVSS v3
5.3
EPSS
0.0051
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-425
Status
published
Products (1)
Mautic/Mautic
< 4.4.9
Published
Apr 10, 2024
Tracked Since
Feb 18, 2026