Insufficient authentication in upgrade flow

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

关键功能的认证机制缺失

Mautic 安全漏洞

Mautic是Mautic开源的一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic存在安全漏洞，该漏洞源于允许通过升级脚本更新应用程序，升级逻辑未正确屏蔽，可能会导致易受攻击的情况。

N/A

N/A