CVE-2022-25775

EUVD-2024-1235
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
acquiamautic
2.14.1 ≤
𝑥
< 4.4.12
acquiamautic
5.0.0 ≤
𝑥
< 5.0.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mauticmautic
2.14.1 ≤
𝑥
< 4.4.12
ADP
mauticmautic
5.0.0 ≤
𝑥
< 5.0.4
ADP
Common Weakness Enumeration
References
https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94