How severe is CVE-2022-25769?

CVE-2022-25769 has a CVSS v3 score of 7.2 (HIGH).

CVE-2022-25769

Name: mautic
Author: acquia

7.2HIGH

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the rege

Veröffentlicht: 9/18/2024Aktualisiert: 2/27/2025

Beschreibung

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

KI-AnalyseKI-gestützt

Betroffene Produkte

acquiamautic

Referenzen

https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
Vendor Advisory
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
Release Notes