VYPR
Moderate severityNVD Advisory· Published Sep 18, 2024· Updated Sep 18, 2024

SQL Injection in dynamic Reports

CVE-2022-25775

Description

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.

The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mautic/corePackagist
>= 2.14.1, < 4.4.124.4.12
mautic/corePackagist
>= 5.0.0-alpha, < 5.0.45.0.4

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.