CVE-2017-8874

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-8874
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8874.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-8874
Aliases
Published
2017-05-10T05:29:00.317Z
Modified
2026-04-10T04:01:19.791732Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.

References

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type
GIT
Repo
https://github.com/mautic/mautic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
513c1268d3ce3345e9b6d0953a9098e77428abf5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-rc1
1.0.0-rc2
1.0.0-rc3
1.0.0-rc4
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.4.0
1.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8874.json"