Description: Summary
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.
Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.
Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
Mitigation
Please update to 5.2.3 or later.
Workarounds
None
References
https://owasp.org/www-community/attacks/Code_Injection
https://owasp.org/www-community/attacks/Path_Traversal
If you have any questions or comments about this advisory:
Email us at [email protected]
References
https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5
https://github.com/advisories/GHSA-73gx-x7r9-77x2
February 26th, 2025 (4 months ago)
Description: Summary
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.
Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.
Mitigation
Please update to Mautic 5.2.3 or later
Workarounds
Disable the API in Mautic. See documentation.
References
https://cwe.mitre.org/data/definitions/285.html
https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings
If you have any questions or comments about this advisory:
Email us at [email protected]
References
https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee
https://github.com/advisories/GHSA-8xv7-g2q3-fqgc
February 26th, 2025 (4 months ago)
Description: Summary
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.
Mitigation
Please update to 5.2.3 or later.
Workarounds
None
References
If you have any questions or comments about this advisory:
Email us at [email protected]
References
https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a
https://github.com/advisories/GHSA-4w2w-36vm-c8hf
February 26th, 2025 (4 months ago)
CVE-2025-1726
Description: There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some internal database identifiers, the impact to the confidentiality vector is "LOW" because any sensitive data returned in a response is encrypted. There is no evidence of impact to the integrity or availability vectors. This issue is addressed in ArcGIS Monitor 2024.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
February 26th, 2025 (4 months ago)
Description: There's an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT.
February 26th, 2025 (4 months ago)
Description: The UK's Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment.
February 26th, 2025 (4 months ago)
Description: A Threat Actor Claims to have Leaked the Data of Vashantek School & College
February 26th, 2025 (4 months ago)
CVE-2024-39549
Description: A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).
Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).
Memory utilization can be monitored with either of the following CLI commands:
user@host> show system memory
user@host> show system monitor memory status
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S3-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
CVSS: HIGH (7.5) EPSS Score: 0.4% SSVC Exploitation: none
February 26th, 2025 (4 months ago)
CVE-2024-3432
Description: A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was identified in PuneethReddyHC Event Management 1.0. It was classified as critical. Affected is an unknown process of the file /backend/register.php. By manipulating the argument event_id/full_name/email/mobile/college/branch with unknown data, an SQL injection vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (5.5) EPSS Score: 0.19% SSVC Exploitation: none
February 26th, 2025 (4 months ago)
CVE-2024-3418
Description: A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. A vulnerability was found in SourceCodester Online Courseware 1.0. It was classified as critical. It affects an unknown function of the file admin/deactivateteach.php. By manipulating the argument selector with unknown data, an SQL injection vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (6.3) EPSS Score: 0.43% SSVC Exploitation: poc
February 26th, 2025 (4 months ago)