CVE-2022-25775 (GCVE-0-2022-25775)
Vulnerability from cvelistv5
Published
2024-09-18 15:01
Modified
2024-09-18 21:30
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
References
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 2.14.1   
Version: > 5.0.0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThan": "4.4.12",
                "status": "affected",
                "version": "2.14.1",
                "versionType": "semver"
              },
              {
                "lessThan": "5.0.4",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T17:46:22.968034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T17:47:36.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.12",
              "status": "affected",
              "version": "\u003e= 2.14.1",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.0.4",
              "status": "affected",
              "version": "\u003e 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "a-solovev"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Akivarsha Saha"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\u003c/p\u003e\u003cp\u003eThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\u003c/p\u003e"
            }
          ],
          "value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:30:23.104Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.12 or 5.0.4 or higher."
            }
          ],
          "value": "Update to 4.4.12 or 5.0.4 or higher."
        }
      ],
      "source": {
        "advisory": "GHSA-jj6w-2cqg-7p94",
        "discovery": "EXTERNAL"
      },
      "title": "SQL Injection in dynamic Reports",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25775",
    "datePublished": "2024-09-18T15:01:23.529Z",
    "dateReserved": "2022-02-22T20:17:36.805Z",
    "dateUpdated": "2024-09-18T21:30:23.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-25775\",\"sourceIdentifier\":\"security@mautic.org\",\"published\":\"2024-09-18T15:15:13.440\",\"lastModified\":\"2024-09-23T23:22:15.763\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\\n\\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\"},{\"lang\":\"es\",\"value\":\"Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a una vulnerabilidad de inyecci\u00f3n SQL en el paquete de informes. El usuario pod\u00eda recuperar y alterar datos como datos confidenciales, datos de inicio de sesi\u00f3n y, seg\u00fan el permiso de la base de datos, el atacante pod\u00eda manipular los sistemas de archivos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@mautic.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@mautic.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.14.1\",\"versionEndExcluding\":\"4.4.12\",\"matchCriteriaId\":\"E6C670F8-5A52-4013-BC7F-7D63F0B9EFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.4\",\"matchCriteriaId\":\"3123A79D-F360-44BE-85BA-34304F3E1B40\"}]}]}],\"references\":[{\"url\":\"https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94\",\"source\":\"security@mautic.org\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-25775\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T17:46:22.968034Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*\"], \"vendor\": \"mautic\", \"product\": \"mautic\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.14.1\", \"lessThan\": \"4.4.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"lessThan\": \"5.0.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T17:47:27.121Z\"}}], \"cna\": {\"title\": \"SQL Injection in dynamic Reports\", \"source\": {\"advisory\": \"GHSA-jj6w-2cqg-7p94\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"a-solovev\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Lenon Leite\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"John Linhart\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"John Linhart\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Akivarsha Saha\"}], \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-66 SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/mautic/mautic\", \"vendor\": \"Mautic\", \"product\": \"Mautic\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.14.1\", \"lessThan\": \"\u003c 4.4.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"\u003e 5.0.0\", \"lessThan\": \"\u003c 5.0.4\", \"versionType\": \"semver\"}], \"packageName\": \"mautic/core\", \"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to 4.4.12 or 5.0.4 or higher.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to 4.4.12 or 5.0.4 or higher.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\\n\\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\u003c/p\u003e\u003cp\u003eThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"4e531c38-7a33-45d3-98dd-d909c0d8852e\", \"shortName\": \"Mautic\", \"dateUpdated\": \"2024-09-18T21:30:23.104Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-25775\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-18T21:30:23.104Z\", \"dateReserved\": \"2022-02-22T20:17:36.805Z\", \"assignerOrgId\": \"4e531c38-7a33-45d3-98dd-d909c0d8852e\", \"datePublished\": \"2024-09-18T15:01:23.529Z\", \"assignerShortName\": \"Mautic\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.