Skip to content

CSV Injection vulnerability with exported contact lists in Mautic

Moderate severity GitHub Reviewed Published Jan 19, 2021 in mautic/mautic • Updated Jan 9, 2023

Package

composer mautic/core (Composer)

Affected versions

< 2.13.0

Patched versions

2.13.0

Description

Impact

Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSV_Injection.

Patches

Update to 2.13.0 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

References

@RCheesley RCheesley published to mautic/mautic Jan 19, 2021
Reviewed Jan 19, 2021
Published to the GitHub Advisory Database Jan 19, 2021
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

0.277%
(68th percentile)

Weaknesses

CVE ID

CVE-2018-8092

GHSA ID

GHSA-29v9-2fpx-j5g9

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.