Published: 03/01/2018 Updated: 25/01/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

Vulnerable Product	Search on Vulmon	Subscribe to Product
acquia mautic 2.9.0
acquia mautic 2.8.2
acquia mautic 2.8.1
acquia mautic 2.8.0
acquia mautic 2.0.1
acquia mautic 2.0.0
acquia mautic 1.4.1
acquia mautic 1.4.0
acquia mautic 1.0.4
acquia mautic 1.0.3
acquia mautic 1.0.2
acquia mautic 1.0.1
mautic mautic 2.11.0
acquia mautic 2.11.0
acquia mautic 2.10.1
mautic mautic 2.10.0
acquia mautic 2.5.1
acquia mautic 2.5.0
acquia mautic 2.4.0
acquia mautic 2.3.0
acquia mautic 1.2.2
acquia mautic 1.2.1
mautic mautic 1.2.0
acquia mautic 1.1.3
mautic mautic 2.9.2
mautic mautic 2.9.0
acquia mautic 2.7.1
acquia mautic 2.6.1
acquia mautic 2.2.0
acquia mautic 2.1.1
acquia mautic 1.3.0
acquia mautic 1.2.3
acquia mautic 1.1.2
acquia mautic 1.1.0
acquia mautic 2.10.0
acquia mautic 2.9.1
acquia mautic 2.7.0
acquia mautic 2.6.0
acquia mautic 2.2.1
acquia mautic 1.2.0
acquia mautic 2.1.0
acquia mautic 1.3.1
acquia mautic 1.2.4
acquia mautic 1.1.1
acquia mautic 1.0.5
mautic mautic 1.0.0

CWE-22 https://github.com/mautic/mautic/releases/tag/2.12.0 https://nvd.nist.gov

CVE-2017-1000490

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect