Improper access control in Mautic - CVE-2017-1000490
Published: January 19, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the Filemanager when handling file download requests. A remote user can request arbitrary files accessible to the web server user to disclose sensitive information.
The user must be logged into Mautic to exploit this issue.