AI description
CVE-2024-47051 refers to two critical vulnerabilities found in the Mautic marketing automation platform, versions prior to 5.2.3. These vulnerabilities can be exploited by users who are already authenticated on the platform. The first vulnerability allows for Remote Code Execution (RCE) through the asset upload feature. Attackers can bypass file extension restrictions and upload executable files, like PHP scripts, enabling them to run their own code on the server. The second vulnerability involves Path Traversal during file deletion. Due to improper handling of file paths, authenticated users can manipulate the file deletion process to remove arbitrary files from the system. Mautic is a widely used open-source marketing automation platform, powering over 200,000 organizations. The vulnerabilities described in CVE-2024-47051 highlight the importance of updating to the latest version of Mautic (5.2.3 or later) to mitigate these security risks. These flaws underscore the potential dangers of insufficient input validation and improper handling of file paths in web applications. Regular security audits and prompt patching are crucial for maintaining the integrity and security of online platforms.
- Description
- This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.
  * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.
  * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
- Source
- security@mautic.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.3
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
- Severity
- CRITICAL
- security@mautic.org
- CWE-23
- Hype score
- Not currently trending
[1day1line] CVE-2024-47051: RCE via Arbitrary File Upload in Mautic https://t.co/leN16CcmuY Hello! Today, I’d like to introduce a vulnerability: "CVE-2024-47051: Remote Code Execution via Arbitrary File Upload in Mautic." Mautic, an open-source marketing automation software,… h
@hackyboiz
19 Mar 2025
943 Impressions
4 Retweets
21 Likes
6 Bookmarks
0 Replies
0 Quotes
#VulnAlert 🚨 CVE-2024-47051 | RCE in Mautic (9.1 CVSS) 🔥 Allows remote code execution via asset upload and arbitrary file deletion. 👉 Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e https://t.co/8AOaX99bJe
@Cyph3R_CyberSec
12 Mar 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
csirt_it: La Settimana Cibernetica of 09 March 2025 🔹updates for multiple products 🔹Paragon Partition Manager: exploitation of CVE-2025-0289 detected 🔹Mautic: PoC for CVE-2024-47051 ⚠️#EPSS: changes detected in products of inter… https://t.co/V9fRnpODwp
@Vulcanux_
10 Mar 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
La Settimana Cibernetica of 09 March 2025 🔹updates for multiple products 🔹Paragon Partition Manager: exploitation of CVE-2025-0289 detected 🔹Mautic: PoC for CVE-2024-47051 ⚠️#EPSS: changes detected in products of interest 🔗https://t.co/3fFpT6ArRo http
@csirt_it
10 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2024-47051 (CVSS 9.1): Critical RCE and File Deletion Flaws Expose 200,000+ CVE-2024-47051 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/998bS99dKM #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
4 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Mautic: a #PoC is available for exploiting CVE-2024-47051 Risk: 🔴 Type: 🔸 Remote Code Execution 🔸 Arbitrary File Deletion 🔗 https://t.co/BXoIEJeq3U ⚠ It is important to keep systems up to date https://t.co/44n6kSwu7V
@Vulcanux_
3 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #Mautic: a #PoC is available for exploiting CVE-2024-47051 Risk: 🔴 Type: 🔸 Remote Code Execution 🔸 Arbitrary File Deletion 🔗 https://t.co/ZcQ7ZdgC3e ⚠ It is important to keep systems up to date https://t.co/tQ5d63D1ks
@csirt_it
3 Mar 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
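Critical vulnerability in Mautic, an OSS MA (marketing automation) tool. CVE-2024-47051 has a CVSS score of 9.1 and allows an authenticated attacker to perform remote code execution and arbitrary file deletion. Fixed in version 5.2.3. https://t.co/uGjFk9sE24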
@__kokumoto
3 Mar 2025
57 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-47051: RCE in Mautic, 9.1 rating 🔥 The vulnerability allows an attacker to conduct RCE through asset loading, as well as delete arbitrary files. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/QVfeilQhr8 #cybersecurity #vulnerability_map https://t.co/CXnmzZi
@Netlas_io
3 Mar 2025
2163 Impressions
9 Retweets
29 Likes
9 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨 CVE-2024-47051 (CVSS 9.1): Critical RCE and File Deletion Flaws in Mautic versions before 5.2.3. 📊 64K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/RouPwl4WUV 👇Query HUNTER : https://t.co/q9rtuGgxk7="Mautic" FOFA :… https://t.c
@HunterMapping
3 Mar 2025
1596 Impressions
11 Retweets
18 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-47051 ⚠️🔴 CRITICAL (9.1) 🏢 Mautic - mautic/core 🏗️ < 5.2.3 🔗 https://t.co/mwxZggyDSo 🔗 https://t.co/4uuRlzaTub 🔗 https://t.co/Jjgtj4qNp2 #CyberCron #VulnAlert https://t.co/WZxUflnavK
@cybercronai
26 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-47051: CRITICAL] Critical cyber security advisory: Mautic versions < 5.2.3 have vulnerabilities exploitable by authenticated users. Remote Code Execution & Path Traversal issues identified.#cybersecurity,#vulnerability https://t.co/IjC3BPY5Uc https://t.co/4HJUZPK
@CveFindCom
26 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes