CVE-2022-25775 MEDIUM

CVE-2022-25775: SQL Injection in dynamic Reports

Vendor Mautic
Product Mautic
Weakness CWE-89 · SQLi
Published September 18, 2024
Last update September 18, 2024

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Prior to the patched version, Mautic has an SQL injection vulnerability in the Reports bundle that is reachable by logged-in users. Such a user could retrieve and alter data, such as sensitive data and logins, and, depending on database permissions, the attacker can manipulate file systems.

Key dates

02 Disclosure timeline

September 18, 2024 CVE published
September 18, 2024 Record updated