Home > Vulnerability Database > CVE-2022-25775

Mend.io Vulnerability Database

CVE-2022-25775

Date: September 18, 2024

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Severity Score

7.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25775

Url: https://github.com/mautic/mautic/commit/cab65e0acc4f23c4f07c117dee1b69dac5abed3f

Url: https://github.com/mautic/mautic

Url: https://github.com/mautic/mautic/commit/e75b1eea16309588f069169b5882cf53f854dbd8

Url: https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94

Url: https://www.mend.io/vulnerability-database/CVE-2022-25775

Severity Score

7.1

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25775

Date: September 18, 2024

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?