{"vulnerability": "CVE-2024-47051", "sightings": [{"uuid": "b2d819e5-df55-4886-b1f2-80626a3487a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljfjw3obys2f", "content": "", "creation_timestamp": "2025-03-02T13:25:12.432591Z"}, {"uuid": "177c47b0-7ee9-42f2-bb31-4a7f65de661d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114071918573609938", "content": "", "creation_timestamp": "2025-02-26T19:49:10.464068Z"}, {"uuid": "5e373716-49dd-4a16-a0fd-0c8d4778593c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj4epoaebp26", "content": "", "creation_timestamp": "2025-02-26T21:58:10.493446Z"}, {"uuid": "9644e1b6-dfb4-40fc-bed5-544cc1a36a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "411b603b-6334-4d06-bc59-fc7f14883acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj4ljq7wuj2z", "content": "", "creation_timestamp": "2025-02-27T00:00:11.211587Z"}, {"uuid": "91cb0fdc-9f28-4f34-963a-2a19ed1585cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj5tr5zh4p27", "content": "", "creation_timestamp": "2025-02-27T12:00:06.868602Z"}, {"uuid": "ef36acd0-718e-45e0-92e0-74762901620a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/druid.fi/post/3lj33ptmzfc2z", "content": "", "creation_timestamp": "2025-02-26T09:44:35.019146Z"}, {"uuid": "55f76555-af65-42dd-a2a9-9d04f7967c78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:27.000000Z"}, {"uuid": "bb78c376-316f-402b-bb43-8fd1359f44f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "Telegram/6x5JFB1mh-KsEZivZp3gjSaXJ58VhO2Ttj6R645bZY-KT8s", "content": "", "creation_timestamp": "2025-09-29T15:00:07.000000Z"}, {"uuid": "b54a7708-6e8d-4e4f-9be7-22a43be2b0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5484", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47051\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)\n\ud83d\udd39 Description: This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\n\n  *  Remote Code Execution (RCE) via Asset Upload:\u00a0A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\n\n\n  *  Path Traversal File Deletion:\u00a0A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.\n\ud83d\udccf Published: 2025-02-26T12:01:26.374Z\n\ud83d\udccf Modified: 2025-02-26T12:01:26.374Z\n\ud83d\udd17 References:\n1. https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2\n2. https://owasp.org/www-community/attacks/Code_Injection\n3. https://owasp.org/www-community/attacks/Path_Traversal", "creation_timestamp": "2025-02-26T12:31:53.000000Z"}, {"uuid": "4adec726-89b2-4e0f-8f19-7bed12a2c1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/15977", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aMautic < 5.2.3 Authenticated RCE\nURL\uff1ahttps://github.com/mallo-m/CVE-2024-47051\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-28T05:32:27.000000Z"}, {"uuid": "fb6dbb4f-748c-47c2-9418-2066a8a41bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://t.me/cybersecplayground/116", "content": "\ud83d\udea8 Critical Alert: CVE-2024-47051 (CVSS 9.1) \u2013 Mautic RCE & File Deletion Vulnerability \ud83d\udea8\n\n\ud83d\udd25 What is CVE-2024-47051?\nA critical security flaw has been discovered in Mautic (before version 5.2.3) that allows:\n\nRemote Code Execution (RCE): \nAttackers can run arbitrary commands on the server.\nArbitrary File Deletion: Attackers can delete critical files, leading to system compromise or service disruption.\n\n\ud83c\udfaf Impact & Risk\nWidespread Exposure: Over 200,000 organizations rely on Mautic for marketing automation.\nPublic-Facing Instances: Many exposed instances are accessible on the internet, making them high-value targets.\n\nPotential Consequences:\nFull server takeover by exploiting RCE\nDeletion of essential system files leading to denial of service (DoS)\nSensitive data leakage\n\n\ud83d\udd0d Detection & Exploitation\n\ud83d\udcca Hunter Exposure: 64K+ instances found on Hunter.\n\n\ud83d\udd0e Dorks:\n\nFOFA: product=\"Mautic\"\nHunter: product.name=\"Mautic\"\n\n\ud83d\udee1 Mitigation & Fix\n\u2705 Upgrade to Mautic 5.2.3+ immediately.\n\u2705 Restrict access to Mautic instances using firewalls and authentication.\n\u2705 Monitor logs for unusual activities or unauthorized access attempts.\n\u2705 Use Web Application Firewalls (WAFs) to detect and block exploit attempts.\n\n\ud83d\udcf0 References & More Info\n\ud83d\udd17 SecurityOnline Info\n\n\ud83d\udce2 Join us for more security updates! \ud83d\udc49 @cybersecplayground\n\n#Mautic #hunterhow #infosec #infosecurity #OSINT #Vulnerability #cybersecplayground \ud83d\ude80", "creation_timestamp": "2025-03-03T06:08:17.000000Z"}, {"uuid": "e4a5b69a-0231-465e-8794-f487eeea29d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "Telegram/jbRQaSaN2N0kXwljQYCoonpQHmzDHlddlNPLUgvahHArL2U", "content": "", "creation_timestamp": "2025-02-28T10:00:07.000000Z"}]}