CVE-2022-25769

CVSS V2 None CVSS V3 None

Description

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Overview

CVE ID
CVE-2022-25769

Assigner
Mautic

Vulnerability Status
PUBLISHED

Published Version
2024-09-18T14:47:09.029Z

Last Modified Date
2024-09-18T21:28:12.305Z

Weakness Enumerations

CWE	URL
CWE-1284	http://cwe.mitre.org/data/definitions/1284.html

References

Reference URL	Reference Tags
https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-25769
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25769

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 03:17:58				Added to TrackCVE