Home > Vulnerability Database > CVE-2022-25769

Mend.io Vulnerability Database

CVE-2022-25769

Good to know:

Date: February 23, 2022

mautic/core versions prior to 3.3.5,4.2.0 are vulnerable to Improper regex in htaccess file. The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path..

Language: PHP

Severity Score

5.3

Related Resources (4)

Url: https://github.com/mautic/mautic/commit/41ed0a7ffe0d6c64c19fe516dfe24276e9d4bcb4

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25769

Url: https://github.com/advisories/GHSA-mj6m-246h-9w56

Url: https://www.mend.io/vulnerability-database/CVE-2022-25769

Severity Score

5.3

Top Fix

Upgrade Version

Upgrade to version 3.3.5,4.2.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25769

Good to know:

Date: February 23, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?