mautic/core Security Advisories for 4.x-dev (4)
- [HIGH] Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
  PKSA-frhs-vjy5-hffg CVE-2026-3105 GHSA-r5j5-q42h-fc93
  Affected version: >=7.0.0-alpha,<7.0.1|>=6.0.0-alpha,<6.0.8|>=2.10.0,<5.2.10
  Reported by: GitHub
- [MEDIUM] Mautic allows Relative Path Traversal in assets file upload
  PKSA-r9y9-cx91-ppbj CVE-2022-25773 GHSA-4w2w-36vm-c8hf
  Affected version: <5.2.3
  Reported by: GitHub
- [HIGH] Mautic allows Improper Authorization in Reporting API
  PKSA-d6g7-gn2x-xxxs CVE-2024-47053 GHSA-8xv7-g2q3-fqgc
  Affected version: >=1.0.1,<5.2.3
  Reported by: GitHub
- [CRITICAL] Mautic allows Remote Code Execution and File Deletion in Asset Uploads
  PKSA-r8cy-ghyg-685v CVE-2024-47051 GHSA-73gx-x7r9-77x2
  Affected version: <5.2.3
  Reported by: GitHub