Mautic user without privileged access to the Marketplace can install and uninstall composer packages

SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.

N/A

授权机制缺失

Mautic 安全漏洞

Mautic是Mautic开源的一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic存在安全漏洞，该漏洞源于非特权用户可通过composer安装和移除任意包，可能导致低权限用户安装恶意代码获取更高权限。

N/A

N/A