CVE-2022-25769

Published: Sep 18, 2024Modified: Feb 27, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Affected (2)

Products: Acquia: Mautic

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Acquia Mautic	Before 3.3.5
Acquia Mautic	From 4.0.0 to 4.2.0

Related CWEs

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (2)

https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56

Source: security@mautic.org

Vendor Advisory

https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic

Source: security@mautic.org

Release Notes

Timeline

No history available yet.