CVE-2021-27916 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-27916

CVE-2021-27916

September 17, 2024

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2021-27916

https://github.com/mautic/mautic/commit/546045ff9c74dd8b3dac36c4ab3674380262c65a

https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p

https://github.com/mautic/mautic

https://github.com/mautic/mautic/commit/95e8df3ae6730c725f1848d70e7992da369518f3

Do you need more information?

CVSS v4

Base Score:

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Relative Path Traversal

CWE-23

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

EPSS

Base Score:

0.15

Products

Solutions

Resources

Company

Compare

Developer Tools