cnvd - cnvd-2025-04491

CNVD-2025-04491

Vulnerability from cnvd - Published: 2025-03-06

Title

Mautic任意文件上传漏洞

Description

Mautic是一款开源营销自动化应用程序。 Mautic 5.2.3之前版本存在任意文件上传漏洞，该漏洞源于对上传文件扩展名验证不足和文件路径处理不当。攻击者可以利用该漏洞上传恶意文件，例如PHP脚本，以执行任意代码。

Severity

高

Patch Name

Mautic任意文件上传漏洞的补丁

Patch Description

Mautic是一款开源营销自动化应用程序。 Mautic 5.2.3之前版本存在任意文件上传漏洞，该漏洞源于对上传文件扩展名验证不足和文件路径处理不当。攻击者可以利用该漏洞上传恶意文件，例如PHP脚本，以执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://mautic.org

Reference

https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2 https://owasp.org/www-community/attacks/Code_Injection https://owasp.org/www-community/attacks/Path_Traversal

Impacted products

Name
Mautic Mautic <5.2.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-47051",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-47051"
    }
  },
  "description": "Mautic\u662f\u4e00\u6b3e\u5f00\u6e90\u8425\u9500\u81ea\u52a8\u5316\u5e94\u7528\u7a0b\u5e8f\u3002\n\nMautic 5.2.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u4e0a\u4f20\u6587\u4ef6\u6269\u5c55\u540d\u9a8c\u8bc1\u4e0d\u8db3\u548c\u6587\u4ef6\u8def\u5f84\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u4f8b\u5982PHP\u811a\u672c\uff0c\u4ee5\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://mautic.org",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-04491",
  "openTime": "2025-03-06",
  "patchDescription": "Mautic\u662f\u4e00\u6b3e\u5f00\u6e90\u8425\u9500\u81ea\u52a8\u5316\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nMautic 5.2.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u4e0a\u4f20\u6587\u4ef6\u6269\u5c55\u540d\u9a8c\u8bc1\u4e0d\u8db3\u548c\u6587\u4ef6\u8def\u5f84\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u4f8b\u5982PHP\u811a\u672c\uff0c\u4ee5\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mautic\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mautic Mautic \u003c5.2.3"
  },
  "referenceLink": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2\r\nhttps://owasp.org/www-community/attacks/Code_Injection\r\nhttps://owasp.org/www-community/attacks/Path_Traversal",
  "serverity": "\u9ad8",
  "submitTime": "2025-02-28",
  "title": "Mautic\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2024-47051 (GCVE-0-2024-47051)

Vulnerability from cvelistv5 – Published: 2025-02-26 12:01 – Updated: 2025-02-26 14:29

Summary

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

CWE

CWE-23
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

Mautic

References

URL

Tags

	https://github.com/mautic/mautic/security/advisor…
	https://owasp.org/www-community/attacks/Code_Injection
	https://owasp.org/www-community/attacks/Path_Traversal

Impacted products

	Vendor	Product	Version
	Mautic	mautic/core	Affected: < 5.2.3

Credits

mallo-m Patryk Gruzska Lenon Leite

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:29:14.685636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:29:46.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "mautic/core",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "mallo-m"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruzska"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        }
      ],
      "datePublic": "2025-02-25T11:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cstrong\u003eRemote Code Execution (RCE) via Asset Upload:\u003c/strong\u003e\u0026nbsp;A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cstrong\u003ePath Traversal File Deletion:\u003c/strong\u003e\u0026nbsp;A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\n\n  *  Remote Code Execution (RCE) via Asset Upload:\u00a0A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\n\n\n  *  Path Traversal File Deletion:\u00a0A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-139",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-139 Relative Path Traversal"
            }
          ]
        },
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-26T12:01:26.374Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2"
        },
        {
          "url": "https://owasp.org/www-community/attacks/Code_Injection"
        },
        {
          "url": "https://owasp.org/www-community/attacks/Path_Traversal"
        }
      ],
      "source": {
        "advisory": "GHSA-73gx-x7r9-77x2",
        "discovery": "USER"
      },
      "title": "Remote Code Execution \u0026 File Deletion in Asset Uploads",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47051",
    "datePublished": "2025-02-26T12:01:26.374Z",
    "dateReserved": "2024-09-17T13:41:00.584Z",
    "dateUpdated": "2025-02-26T14:29:46.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-04491

CVE-2024-47051 (GCVE-0-2024-47051)

Tags

Sightings

Nomenclature