9.1

CVSS Score

Basic Information

CVE ID

CVE-2022-25769

GHSA ID

GHSA-mj6m-246h-9w56

EPSS Score

CWE

Published

3/1/2022

Updated

1/11/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25769

CVE-2022-25769:
Improper regex in htaccess file

Impact

the default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.

This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Patches

Please upgrade to 3.3.5 or 4.2.0

Workarounds

References

Release post: https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
Internally tracked under MST-32

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

(GitHub Advisory)

9.1

CVSS Score

Basic Information

CVE ID

CVE-2022-25769

GHSA ID

GHSA-mj6m-246h-9w56

EPSS Score

CWE

Published

3/1/2022

Updated

1/11/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mautic/core	composer	< 3.3.5	3.3.5
mautic/core	composer	>= 4.0.0, < 4.2.0	4.2.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from an improper regex pattern in the .htaccess file, which is an Apache configuration file rather than application code. Runtime profilers track executed functions in application code, but the vulnerability exists at the server configuration level where allowed PHP files are determined by path matching. There are no PHP functions in Mautic's codebase that directly handle this regex logic or process input related to this misconfiguration. The exploit would trigger execution of unauthorized PHP files (potentially attacker-controlled), but those files' functions would not be part of Mautic's codebase and thus cannot be identified from the provided patches or advisory details.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t t** ****ult .*t****ss *il* **s som* r*stri*tions in t** ****ss to P*P *il*s to only *llow sp**i*i* P*P *il*s to ** *x**ut** in t** root o* t** *ppli**tion. T*is lo*i* isn't *orr**t, *s t** r***x in t** s**on* *il*sM*t** only ****ks t** *i

Reasoning

T** vuln*r**ility st*ms *rom *n improp*r r***x p*tt*rn in t** .*t****ss *il*, w*i** is *n *p**** *on*i*ur*tion *il* r*t**r t**n *ppli**tion *o**. Runtim* pro*il*rs tr**k *x**ut** *un*tions in *ppli**tion *o**, *ut t** vuln*r**ility *xists *t t** s*rv

9.1

Basic Information

Concerned about an active attack path?

CVE-2022-25769: Improper regex in htaccess file

Impact

Patches

Workarounds

References

For more information

9.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-25769:
Improper regex in htaccess file

Vulnerability Intelligence
Miggo AI