Vulnerability Description
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acquia | Mautic | < 5.2.3 |
Related Weaknesses (CWE)
References
- https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2Vendor Advisory
- https://owasp.org/www-community/attacks/Code_InjectionNot Applicable
- https://owasp.org/www-community/attacks/Path_TraversalNot Applicable
FAQ
What is CVE-2024-47051?
CVE-2024-47051 is a vulnerability with a CVSS score of 9.1 (CRITICAL). This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE...
How severe is CVE-2024-47051?
CVE-2024-47051 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-47051?
Check the references section above for vendor advisories and patch information. Affected products include: Acquia Mautic.