We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
Reserved 2022-02-22 | Published 2024-09-18 | Updated 2024-09-18 | Assigner MauticCWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
a-solovev
Lenon Leite
John Linhart
John Linhart
Akivarsha Saha
github.com/...mautic/security/advisories/GHSA-jj6w-2cqg-7p94
Support options