Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
信息暴露
Vulnerability Title
Mautic 注入漏洞
Vulnerability Description
Mautic是一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic 3.3.2 存在注入漏洞,该漏洞允许授权管理员用户可以通过在Mautic配置中的任意自由文本字段中利用Symfony参数语法公开机密参数。
CVSS Information
N/A
Vulnerability Type
N/A