Medium severity5.8NVD Advisory· Published Mar 23, 2021· Updated Jun 17, 2026
CVE-2021-27908
CVE-2021-27908
Description
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/corePackagist | < 3.3.2 | 3.3.2 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpxnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-4hjq-422q-4vpxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-27908ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yamlghsaWEB
News mentions
0No linked articles in our index yet.