Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in UI upgrade process
Vulnerability Description
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Mautic 安全漏洞
Vulnerability Description
Mautic是Mautic开源的一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic 1.1.3及之前版本存在安全漏洞,该漏洞源于执行更新过程的用户界面逻辑中,缺乏访问控制以验证是否具有执行任务的权限,可能允许攻击者未经授权访问Mautic版本号或执行部分升级过程。
CVSS Information
N/A
Vulnerability Type
N/A