Home > Vulnerability Database > CVE-2022-25775

Mend.io Vulnerability Database

CVE-2022-25775

Date: September 18, 2024

Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

Severity Score

6.6

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25775

Url: https://github.com/mautic/mautic/commit/cab65e0acc4f23c4f07c117dee1b69dac5abed3f

Url: https://github.com/mautic/mautic

Url: https://github.com/mautic/mautic/commit/e75b1eea16309588f069169b5882cf53f854dbd8

Url: https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94

Url: https://www.mend.io/vulnerability-database/CVE-2022-25775

Severity Score

6.6

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	6.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25775

Date: September 18, 2024

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?