Miggo Logo
Miggo Vulnerability Database
CVE-2022-25777

CVE-2022-25777: Mautic: MST-48 Server-Side Request Forgery in Asset section

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-25777
GHSA ID
GHSA-mgv8-w49f-822w
EPSS Score
0.2745%
CWE
CWE-918
Published
4/12/2024
Updated
9/18/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
mautic/corecomposer>= 1.0.0-beta4, < 4.4.124.4.12
mautic/corecomposer>= 5.0.0-alpha, < 5.0.45.0.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from unvalidated user input in the Asset creation form's 'remotePath' field. The patch added Symfony's Url constraint to this field, and the accompanying test case demonstrates blocking file:// protocol usage. The buildForm method in AssetType.php is directly responsible for defining this input field's validation rules, making it the clear vulnerable point before validation was implemented.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Prior to t** p*t**** v*rsion, *n *ut**nti**t** us*r o* M*uti* *oul* r*** syst*m *il*s *n* ****ss t** int*rn*l ***r*ss*s o* t** *ppli**tion *u* to * S*rv*r-Si** R*qu*st *or**ry (SSR*) vuln*r**ility. ### P*t***s Up**t* to *.*.** or *.*.* #

Reasoning

T** vuln*r**ility st*mm** *rom unv*li**t** us*r input in t** *ss*t *r**tion *orm's 'r*mot*P*t*' *i*l*. T** p*t** ***** Sym*ony's Url *onstr*int to t*is *i*l*, *n* t** ***omp*nyin* t*st **s* **monstr*t*s *lo*kin* `*il*://` proto*ol us***. T** `*uil**o