Improper access control in Mautic - CVE-2018-10189

 

Improper access control in Mautic - CVE-2018-10189

Published: January 19, 2021 / Updated: May 25, 2026


Vulnerability identifier: #VU132227
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-10189
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mautic
Affected software:
Mautic

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper access control in tracking cookie handling when processing manipulated tracking cookie values. A remote attacker can modify the cookie value by incrementing the tracked contact identifier to disclose sensitive information.

Information disclosure is possible through forms that have progressive profiling enabled.


How to mitigate CVE-2018-10189

Install security update from vendor's website.

Sources