CVE-2021-27916


Prior to the patched version, logged-in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders, such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.


Published

2024-09-17T15:15:11.967

Last Modified

2024-10-02T14:29:42.407

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-22
  • Type: Primary
    CWE-22

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | acquia | mautic | < 4.4.12 | Yes |
| Application | acquia | mautic | < 5.0.4 | Yes |
