CVE-2017-8874

HIGH8.8EPSS 0.12%

Mautic Cross-Site Request Forgery (CSRF)

Published: 5/13/2022Modified: 4/23/2024

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.

Affected packages (1)

Packagist/mautic/core

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-8874
PATCHhttps://github.com/mautic/mautic
WEBhttps://github.com/mautic/mautic/issues/3486