VYPR
Moderate severityNVD Advisory· Published Sep 18, 2024· Updated Sep 19, 2024

Insufficient authentication in upgrade flow

CVE-2022-25770

Description

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mautic/corePackagist
>= 1.0.0-beta3, < 4.4.134.4.13
mautic/corePackagist
>= 5.0.0-alpha, < 5.1.15.1.1
mautic/core-libPackagist
>= 1.0.0-beta3, < 4.4.134.4.13
mautic/core-libPackagist
>= 5.0.0-alpha, < 5.1.15.1.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.