High severity7.5NVD Advisory· Published Apr 17, 2018· Updated Jun 17, 2026
CVE-2018-10189
CVE-2018-10189
Description
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/corePackagist | < 2.13.0 | 2.13.0 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-vfxj-qg93-7wwcghsaADVISORY
- github.com/mautic/mautic/releases/tag/2.13.0nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-10189ghsaADVISORY
- github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwcghsaWEB
News mentions
0No linked articles in our index yet.