Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-25769

Good to know:

icon

Date: September 18, 2024

mautic/core versions prior to 3.3.5,4.2.0 are vulnerable to Improper regex in htaccess file. The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path..

Language: PHP

Severity Score

Related Resources (4)

https://nvd.nist.gov/vuln/detail/CVE-2022-25769
https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
https://www.mend.io/vulnerability-database/CVE-2022-25769

Severity Score

Weakness Type (CWE)

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

icon

Upgrade Version

Upgrade to version mautic/core - dev-RCheesley-patch-2;mautic/core - dev-dependabot/composer/composer/composer-2.6.4;mautic/core - 3.3.5;mautic/core - dev-dependabot/npm_and_yarn/plugins/GrapesJsBuilderBundle/word-wrap-1.2.4;mautic/core - dev-dependabot/npm_and_yarn/plugins/GrapesJsBuilderBundle/async-3.2.3;mautic/core - dev-all-contributors/add-KN4CK3R;mautic/core - dev-dependabot/npm_and_yarn/app/assets/scaffold/files/grunt-1.3.0;mautic/core - dev-dependabot/composer/composer/composer-2.7.7;mautic/core - 4.2.0-rc;mautic/core - dev-dependabot/npm_and_yarn/app/assets/scaffold/files/grunt-1.5.2;mautic/core - dev-temp-3.2;mautic/core - dev-temp-2.16;mautic/core - dev-RCheesley-patch-1;mautic/core - dev-bump-4.0.2-rc;mautic/core - dev-dependabot/npm_and_yarn/app/assets/scaffold/files/requirejs-2.3.7;mautic/core - dev-staging3.0.x-include-exclude-for-text-field;mautic/core - dev-dependabot/composer/composer/composer-2.7.0;mautic/core - dev-dependabot/npm_and_yarn/braces-3.0.3;mautic/core - dev-dependabot/npm_and_yarn/plugins/GrapesJsBuilderBundle/minimatch-3.1.2;mautic/core - dev-3.2.2-merge;mautic/core - dev-dependabot/npm_and_yarn/micromatch-4.0.8;mautic/core - dev-merge-3.3.3-into-features;mautic/core - dev-remove-mautibox-reference-4.1;mautic/core - dev-dependabot/composer/composer/composer-2.2.12

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us