CVE-2022-25775: SQL Injection in dynamic Reports
First published: Fri Apr 12 2024(Updated: )
### Impact Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. ### Patches Update to 4.4.12 or 5.0.4 ### Workarounds No ### References - https://owasp.org/www-community/attacks/SQL_Injection - https://owasp.org/www-community/attacks/Blind_SQL_Injection
Credit: security@mautic.org security@mautic.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/mautic/core | >=5.0.0-alpha<5.0.4 | 5.0.4 |
| composer/mautic/core | >=2.14.1<4.4.12 | 4.4.12 |
| Mautic | >=2.14.1<4.4.12 | |
| Mautic | >=5.0.0<5.0.4 |
Remedy
Update to 4.4.12 or 5.0.4 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94
- https://github.com/mautic/mautic/commit/cab65e0acc4f23c4f07c117dee1b69dac5abed3f
- https://github.com/mautic/mautic/commit/e75b1eea16309588f069169b5882cf53f854dbd8
- https://github.com/advisories/GHSA-jj6w-2cqg-7p94 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2022-25775
Frequently Asked Questions
What is the severity of CVE-2022-25775?
CVE-2022-25775 has a medium severity rating due to its potential impact on sensitive data and system integrity.
How do I fix CVE-2022-25775?
To fix CVE-2022-25775, update Mautic to version 5.0.4 or 4.4.12 or later.
What type of vulnerability is CVE-2022-25775?
CVE-2022-25775 is an SQL injection vulnerability affecting the Reports bundle in Mautic.
Who is affected by CVE-2022-25775?
Users of Mautic versions prior to 5.0.4 and 4.4.12 are affected by CVE-2022-25775.
What could an attacker do with CVE-2022-25775?
An attacker exploiting CVE-2022-25775 could potentially retrieve and alter sensitive data and manipulate file systems.
- agent/weakness
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/type
- agent/description
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jj6w-2cqg-7p94
- alias/CVE-2022-25775
- agent/software-canonical-lookup
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/composer
- vendor/acquia
- canonical/mautic
- version/mautic/2.14.1
- version/mautic/5.0.0