cnvd - cnvd-2025-04491

cnvd-2025-04491

Vulnerability from cnvd

Title: Mautic任意文件上传漏洞

Description:

Mautic是一款开源营销自动化应用程序。

Mautic 5.2.3之前版本存在任意文件上传漏洞，该漏洞源于对上传文件扩展名验证不足和文件路径处理不当。攻击者可以利用该漏洞上传恶意文件，例如PHP脚本，以执行任意代码。

Severity: 高

Patch Name: Mautic任意文件上传漏洞的补丁

Patch Description:

Mautic是一款开源营销自动化应用程序。

Mautic 5.2.3之前版本存在任意文件上传漏洞，该漏洞源于对上传文件扩展名验证不足和文件路径处理不当。攻击者可以利用该漏洞上传恶意文件，例如PHP脚本，以执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已提供漏洞修复方案，请关注厂商主页更新： https://mautic.org

Reference: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2 https://owasp.org/www-community/attacks/Code_Injection https://owasp.org/www-community/attacks/Path_Traversal

Impacted products

Name
Mautic Mautic <5.2.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-47051",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-47051"
    }
  },
  "description": "Mautic\u662f\u4e00\u6b3e\u5f00\u6e90\u8425\u9500\u81ea\u52a8\u5316\u5e94\u7528\u7a0b\u5e8f\u3002\n\nMautic 5.2.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u4e0a\u4f20\u6587\u4ef6\u6269\u5c55\u540d\u9a8c\u8bc1\u4e0d\u8db3\u548c\u6587\u4ef6\u8def\u5f84\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u4f8b\u5982PHP\u811a\u672c\uff0c\u4ee5\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://mautic.org",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-04491",
  "openTime": "2025-03-06",
  "patchDescription": "Mautic\u662f\u4e00\u6b3e\u5f00\u6e90\u8425\u9500\u81ea\u52a8\u5316\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nMautic 5.2.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u4e0a\u4f20\u6587\u4ef6\u6269\u5c55\u540d\u9a8c\u8bc1\u4e0d\u8db3\u548c\u6587\u4ef6\u8def\u5f84\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u4f8b\u5982PHP\u811a\u672c\uff0c\u4ee5\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mautic\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mautic Mautic \u003c5.2.3"
  },
  "referenceLink": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2\r\nhttps://owasp.org/www-community/attacks/Code_Injection\r\nhttps://owasp.org/www-community/attacks/Path_Traversal",
  "serverity": "\u9ad8",
  "submitTime": "2025-02-28",
  "title": "Mautic\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2024-47051 (GCVE-0-2024-47051)

Vulnerability from cvelistv5

Published

2025-02-26 12:01

Modified

2025-02-26 14:29

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

CWE

CWE-23
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.

References

▼	URL	Tags
	https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
	https://owasp.org/www-community/attacks/Code_Injection
	https://owasp.org/www-community/attacks/Path_Traversal

Impacted products

	Vendor	Product	Version
	Mautic	mautic/core	Version: < 5.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:29:14.685636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:29:46.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "mautic/core",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "mallo-m"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruzska"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        }
      ],
      "datePublic": "2025-02-25T11:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cstrong\u003eRemote Code Execution (RCE) via Asset Upload:\u003c/strong\u003e\u0026nbsp;A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cstrong\u003ePath Traversal File Deletion:\u003c/strong\u003e\u0026nbsp;A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\n\n  *  Remote Code Execution (RCE) via Asset Upload:\u00a0A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\n\n\n  *  Path Traversal File Deletion:\u00a0A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-139",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-139 Relative Path Traversal"
            }
          ]
        },
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-26T12:01:26.374Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2"
        },
        {
          "url": "https://owasp.org/www-community/attacks/Code_Injection"
        },
        {
          "url": "https://owasp.org/www-community/attacks/Path_Traversal"
        }
      ],
      "source": {
        "advisory": "GHSA-73gx-x7r9-77x2",
        "discovery": "USER"
      },
      "title": "Remote Code Execution \u0026 File Deletion in Asset Uploads",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47051",
    "datePublished": "2025-02-26T12:01:26.374Z",
    "dateReserved": "2024-09-17T13:41:00.584Z",
    "dateUpdated": "2025-02-26T14:29:46.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted