CVE-2022-25775
low-risk
Published 2024-09-18
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.6/10
Medium
NETWORK
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (1)
Third Party Advisory
https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94
25
/ 100
low-risk
Severity
20/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal