← Zuruck zu CVEs
CVE-2022-25769
HIGH7.2
Beschreibung
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht9/18/2024
Zuletzt geandert2/27/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
acquia:mautic
Schwachen (CWE)
CWE-1284CWE-1284
Referenzen
https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56(security@mautic.org)
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic(security@mautic.org)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.