← Voltar para CVEs
CVE-2022-25769
HIGH7.2
Descricao
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado9/18/2024
Ultima modificacao2/27/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
acquia:mautic
Fraquezas (CWE)
CWE-1284CWE-1284
Referencias
https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56(security@mautic.org)
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic(security@mautic.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.