CVE-2024-47051

Published Feb 26, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-47051 refers to two critical vulnerabilities found in the Mautic marketing automation platform, versions prior to 5.2.3. These vulnerabilities can be exploited by users who are already authenticated on the platform. The first vulnerability allows for Remote Code Execution (RCE) through the asset upload feature. Attackers can bypass file extension restrictions and upload executable files, like PHP scripts, enabling them to run their own code on the server. The second vulnerability involves Path Traversal during file deletion. Due to improper handling of file paths, authenticated users can manipulate the file deletion process to remove arbitrary files from the system. Mautic is a widely used open-source marketing automation platform, powering over 200,000 organizations. The vulnerabilities described in CVE-2024-47051 highlight the importance of updating to the latest version of Mautic (5.2.3 or later) to mitigate these security risks. These flaws underscore the potential dangers of insufficient input validation and improper handling of file paths in web applications. Regular security audits and prompt patching are crucial for maintaining the integrity and security of online platforms.

Description
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.

* Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.
* Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
Source
security@mautic.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.3
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Severity
CRITICAL

Weaknesses

security@mautic.org
CWE-23

Social media

Hype score
Not currently trending
  1. [1day1line] CVE-2024-47051: RCE via Arbitrary File Upload in Mautic https://t.co/leN16CcmuY Hello! Today, I'd like to introduce a vulnerability: "CVE-2024-47051: Remote Code Execution via Arbitrary File Upload in Mautic." Mautic, an open-source marketing automation software,… h

    @hackyboiz

    19 Mar 2025

    943 Impressions

    4 Retweets

    21 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  2. #VulnAlert 🚨 CVE-2024-47051 | RCE in Mautic (9.1 CVSS) 🔥 Allows remote code execution via asset upload and arbitrary file deletion. 👉 Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e https://t.co/8AOaX99bJe

    @Cyph3R_CyberSec

    12 Mar 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. csirt_it: The Cyber Week of 09 March 2025 🔹updates for multiple products 🔹Paragon Partition Manager: exploitation of CVE-2025-0289 detected 🔹Mautic: PoC for CVE-2024-47051 ⚠️#EPSS: changes detected in products of inter… https://t.co/V9fRnpODwp

    @Vulcanux_

    10 Mar 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The Cyber Week of 09 March 2025 🔹updates for multiple products 🔹Paragon Partition Manager: exploitation of CVE-2025-0289 detected 🔹Mautic: PoC for CVE-2024-47051 ⚠️#EPSS: changes detected in products of interest 🔗https://t.co/3fFpT6ArRo http

    @csirt_it

    10 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Threat Alert: CVE-2024-47051 (CVSS 9.1): Critical RCE and File Deletion Flaws Expose 200,000+ CVE-2024-47051 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/998bS99dKM #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    4 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. csirt_it: ‼ #Mautic: a #PoC for exploiting CVE-2024-47051 is available Risk: 🔴 Type: 🔸 Remote Code Execution 🔸 Arbitrary File Deletion 🔗 https://t.co/BXoIEJeq3U ⚠ Important to keep systems up to date https://t.co/44n6kSwu7V

    @Vulcanux_

    3 Mar 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ‼ #Mautic: a #PoC for exploiting CVE-2024-47051 is available Risk: 🔴 Type: 🔸 Remote Code Execution 🔸 Arbitrary File Deletion 🔗 https://t.co/ZcQ7ZdgC3e ⚠ Important to keep systems up to date https://t.co/tQ5d63D1ks

    @csirt_it

    3 Mar 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Critical vulnerability in Mautic, the open-source MA (marketing automation) tool. CVE-2024-47051 has a CVSS score of 9.1; an authenticated attacker can perform remote code execution and arbitrary file deletion. Fixed in version 5.2.3. https://t.co/uGjFk9sE24

    @__kokumoto

    3 Mar 2025

    57 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-47051: RCE in Mautic, 9.1 rating 🔥 The vulnerability allows an attacker to conduct RCE through asset loading, as well as delete arbitrary files. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/QVfeilQhr8 #cybersecurity #vulnerability_map https://t.co/CXnmzZi

    @Netlas_io

    3 Mar 2025

    2163 Impressions

    9 Retweets

    29 Likes

    9 Bookmarks

    1 Reply

    0 Quotes

  10. 🚨Alert🚨 CVE-2024-47051 (CVSS 9.1): Critical RCE and File Deletion Flaws in Mautic versions before 5.2.3. 📊 64K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/RouPwl4WUV 👇Query HUNTER : https://t.co/q9rtuGgxk7="Mautic" FOFA :… https://t.c

    @HunterMapping

    3 Mar 2025

    1596 Impressions

    11 Retweets

    18 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 CVE-2024-47051 ⚠️🔴 CRITICAL (9.1) 🏢 Mautic - mautic/core 🏗️ < 5.2.3 🔗 https://t.co/mwxZggyDSo 🔗 https://t.co/4uuRlzaTub 🔗 https://t.co/Jjgtj4qNp2 #CyberCron #VulnAlert https://t.co/WZxUflnavK

    @cybercronai

    26 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. [CVE-2024-47051: CRITICAL] Critical cyber security advisory: Mautic versions < 5.2.3 have vulnerabilities exploitable by authenticated users. Remote Code Execution & Path Traversal issues identified.#cybersecurity,#vulnerability https://t.co/IjC3BPY5Uc https://t.co/4HJUZPK

    @CveFindCom

    26 Feb 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes