CVE-2017-1000490
MEDIUM6.5EPSS 0.34%Mautic users able to download any files from server using filemanager
發布日:2021/1/19修改日:2024/2/16
描述
### Impact Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. ### Patches Update to 2.12.0 or later. ### Workarounds None ### For more information If you have any questions or comments about this advisory: * Email us at [[email protected]](mailto:[email protected])
受影響套件(1)
- Packagist/mautic/core>= 1.0.0, < 2.12.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |