cvedb.io
CVE-2017-1000490
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-01-03T17:29:00.243 · Last modified 2026-06-17T00:59:16.023

Summary

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

Affected products

acquia — mautic

Does this affect you?

Add your gear to cvedb and we'll alert you only when acquia ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.