CVE-2022-25769 HIGH

CVE-2022-25769: Improper regex in htaccess file

Vendor Mautic
Product Mautic
Weakness CWE-1284
Published September 18, 2024
Last update September 18, 2024

CVSS base score

7.2/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01 Description

Impact: The default .htaccess file restricts access to PHP files so that only specific PHP files in the root of the application can be executed. This logic is incorrect: the regex in the second FilesMatch checks only the filename, not the full path.
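The sketch below is an added example, not Mautic's code or its actual .htaccess. It models a deny-all-PHP rule followed by a basename-only allowlist and lists the PHP files outside the web root that such a rule still permits. The two patterns, the file names and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile

# Constructed patterns in the style the advisory describes; NOT Mautic's actual .htaccess.
DENY_PHP = re.compile(r"\.php$")                   # first FilesMatch: deny all PHP
ALLOW_PHP = re.compile(r"^(index|upgrade)\.php$")  # second FilesMatch: re-allow entry points

def filesmatch_allows(rel_path):
    """What the rules do: FilesMatch sees only the basename, in every directory."""
    name = os.path.basename(rel_path)
    return not DENY_PHP.search(name) or bool(ALLOW_PHP.search(name))

def intended_allows(rel_path):
    """What was meant: allowlisted PHP files only when they sit in the web root."""
    name = os.path.basename(rel_path)
    if not DENY_PHP.search(name):
        return True
    return os.path.dirname(rel_path) == "" and bool(ALLOW_PHP.search(name))

def audit(webroot):
    """Return PHP files below the root that the basename-only rule still permits."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in files:
            rel = os.path.relpath(os.path.join(dirpath, fname), webroot).replace(os.sep, "/")
            if filesmatch_allows(rel) and not intended_allows(rel):
                findings.append(rel)
    return sorted(findings)

# Constructed sample tree (hypothetical paths, for illustration only).
SAMPLE_TREE = ["index.php", "upgrade.php", "app/config/local.php",
               "media/files/index.php", "plugins/Foo/upgrade.php", "media/logo.png"]

def build_sample_tree(root):
    for rel in SAMPLE_TREE:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel in audit(root):
            print("permitted outside root:", rel)
```

Pointing audit() at a deployed web root, with ALLOW_PHP set to the pattern actually in use, gives the list of files to review.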

Key dates

02 Disclosure timeline

September 18, 2024 CVE published
September 18, 2024 Record updated