CVE-2024-47051

CRITICAL LAB

Mautic < 5.2.3 - Authenticated Remote Code Execution and Path Traversal via Asset Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-47051. PoCs published by mallo-m, hyeonyeonglee.

AI-analyzed exploit summary The repository describes CVE-2024-47051, an authenticated RCE vulnerability in Mautic's Asset Edition feature due to improper file extension sanitization and path traversal, allowing arbitrary PHP file uploads and directory deletion. The PoC is not yet published but detailed technical analysis is provided.

Description

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.

Exploits (2)

nomisec WRITEUP 3 stars

by mallo-m · poc

https://github.com/mallo-m/CVE-2024-47051

View Code ZIP pw:eip

The repository describes CVE-2024-47051, an authenticated RCE vulnerability in Mautic's Asset Edition feature due to improper file extension sanitization and path traversal, allowing arbitrary PHP file uploads and directory deletion. The PoC is not yet published but detailed technical analysis is provided.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mautic (version not specified)

Auth required

Prerequisites: Authenticated access to Mautic · Ability to upload assets

MITRE ATT&CK

T1210 - Exploitation of Remote Services T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by hyeonyeonglee · poc

https://github.com/hyeonyeonglee/CVE-2024-47051

View Code ZIP pw:eip

The repository contains source code files from a Mautic application, including kernel and bundle configurations, but lacks executable exploit code or a clear proof-of-concept for CVE-2024-47051. It appears to be a partial codebase dump rather than a functional exploit.

Classification

Writeup 90%

Attack Type

Other

Complexity

Complex

Reliability

Theoretical

Target: Mautic (version unspecified)

No auth needed

Prerequisites: Access to Mautic application files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory

https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2

Not Applicable

https://owasp.org/www-community/attacks/Code_Injection

Not Applicable

https://owasp.org/www-community/attacks/Path_Traversal

Scores

CVSS v3 9.1

EPSS 0.0111

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Lab Environment

COMMUNITY

Community Lab

docker pull atmoz/sftp:alpine

docker pull stilliard/pure-ftpd

https://github.com/mallo-m/CVE-2024-47051

https://github.com/hyeonyeonglee/CVE-2024-47051

View in Library

Details

CWE

CWE-94 CWE-23

Status published

Products (2)

acquia/mautic < 5.2.3

mautic/core 0 - 5.2.3Packagist

Published Feb 26, 2025

Tracked Since Feb 18, 2026