Improper access control in Mautic - CVE-2018-10189
Published: January 19, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in tracking cookie handling when processing manipulated tracking cookie values. A remote attacker can modify the cookie value by incrementing the tracked contact identifier to disclose sensitive information.
Information disclosure is possible through forms that have progressive profiling enabled.