Plattform
php
Komponente
mautic/core
Behoben in
5.2.4
5.2.3
CVE-2024-47051 represents a critical Remote Code Execution (RCE) vulnerability discovered in Mautic Core versions prior to 5.2.3. This flaw allows authenticated users to bypass file extension restrictions and upload executable files, potentially granting attackers complete control over the system. The vulnerability impacts Mautic Core versions 5.2.2 and earlier, and a patch is available in version 5.2.3.
The primary impact of CVE-2024-47051 is the potential for Remote Code Execution. An attacker, once authenticated within the Mautic environment, can leverage the flawed asset upload functionality to upload and execute arbitrary PHP code. This could lead to complete system compromise, including data exfiltration, modification of Mautic configurations, and even the installation of backdoors. The attacker could potentially pivot from the Mautic server to other systems within the network, depending on the server's configuration and access privileges. This vulnerability shares similarities with other file upload vulnerabilities where insufficient validation allows for the execution of malicious code.
CVE-2024-47051 was publicly disclosed on 2025-02-26. The vulnerability's criticality and ease of exploitation suggest a medium probability of exploitation (EPSS score likely medium). Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Mautic installations.
Organizations utilizing Mautic for marketing automation, particularly those running older versions (≤5.2.2), are at significant risk. Shared hosting environments where Mautic instances share resources with other users are especially vulnerable, as a compromised Mautic instance could potentially impact other hosted applications. Those relying on legacy Mautic configurations with relaxed file upload policies are also at increased risk.
• php: Examine uploaded files for suspicious PHP code or backdoors. Use grep to search for common malicious patterns within the /mautic/files directory.
• generic web: Monitor web server access logs for unusual file upload activity, particularly requests containing executable file extensions.
• linux / server: Use lsof to identify processes accessing uploaded files. Investigate any unexpected PHP processes.
lsof | grep /mautic/filesdisclosure
Exploit-Status
EPSS
0.74% (73% Perzentil)
CISA SSVC
CVSS-Vektor
The most effective mitigation for CVE-2024-47051 is to immediately upgrade Mautic Core to version 5.2.3 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Strictly enforce file extension whitelisting in the asset upload functionality, rejecting any files with potentially executable extensions. Implement a Web Application Firewall (WAF) with rules to detect and block suspicious file uploads. Review and restrict file upload permissions to the minimum necessary. After upgrading, confirm the vulnerability is resolved by attempting to upload a test file with a known malicious extension and verifying that it is rejected.
Aktualisieren Sie Mautic auf Version 5.2.3 oder höher. Diese Version enthält die Sicherheitskorrekturen, die erforderlich sind, um die Remote Code Execution- und Dateilöschschwachstellen über Path Traversal zu beheben. Es wird empfohlen, das Update so bald wie möglich durchzuführen, um Ihr System zu schützen.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-47051 is a critical Remote Code Execution vulnerability in Mautic Core versions before 5.2.3, allowing authenticated users to upload and execute malicious PHP scripts.
Yes, if you are running Mautic Core versions 5.2.2 or earlier, you are vulnerable to this RCE vulnerability.
Upgrade Mautic Core to version 5.2.3 or later to patch this vulnerability. Implement temporary workarounds like strict file extension whitelisting if an immediate upgrade is not possible.
While no active exploitation has been confirmed, the vulnerability's criticality and ease of exploitation suggest a medium probability of exploitation.
Refer to the official Mautic security advisory for detailed information and updates: [https://www.mautic.org/security-advisories](https://www.mautic.org/security-advisories)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.