Improper access control in Mautic - CVE-2017-1000490

 

Improper access control in Mautic - CVE-2017-1000490

Published: January 19, 2021 / Updated: May 25, 2026


Vulnerability identifier: #VU132228
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1000490
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mautic
Affected software:
Mautic

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the Filemanager when handling file download requests. A remote user can request arbitrary files accessible to the web server user to disclose sensitive information.

The user must be logged into Mautic to exploit this issue.


How to mitigate CVE-2017-1000490

Install security update from vendor's website.

Sources