The vulnerability stems from differing authentication workflow paths:
This suggests the login handler checks username validity before it evaluates password criteria, so the controller action managing this flow would be responsible for the information leak. While the exact code isn't available, Mautic is Symfony-based and its architecture places this logic in LoginController, and the described behavior matches common authentication pattern flaws. Confidence is medium because the evidence is indirect: the vulnerability description and typical Symfony MVC patterns.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mautic/core | composer | >= 5.1.0, < 5.1.1 | 5.1.1 |
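
An added illustration of the check ordering described above, not Mautic's code (the exact code isn't available): a login handler that tests the username before the password criteria, beside one that fails uniformly. The user store, `meetsPolicy()`, both handler names and the response strings are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample user store; the account and password are made up for this example.
$users = ['alice' => password_hash('S3cure-passphrase!', PASSWORD_DEFAULT)];

// Hypothetical stand-in for the "password criteria" step.
function meetsPolicy(string $password): bool
{
    return strlen($password) >= 8;
}

// Leaky ordering: the policy message is only reachable once the username
// has been found, so seeing it confirms that the account exists.
function loginLeaky(array $users, string $user, string $password): string
{
    if (!isset($users[$user])) {
        return 'Invalid credentials';
    }
    if (!meetsPolicy($password)) {
        return 'Password does not meet the policy';
    }
    return password_verify($password, $users[$user]) ? 'OK' : 'Invalid credentials';
}

// Uniform handling: one password_verify() call and one failure message for
// every outcome. Password criteria are enforced when a password is set, not here.
function loginUniform(array $users, string $user, string $password): string
{
    // Dummy hash keeps the work for unknown users comparable to known ones.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $hash = $users[$user] ?? $dummy;
    $ok = password_verify($password, $hash) && isset($users[$user]);
    return $ok ? 'OK' : 'Invalid credentials';
}

// Regression check: responses must not differ by username validity.
foreach (['loginLeaky', 'loginUniform'] as $handler) {
    $known = $handler($users, 'alice', 'x');
    $unknown = $handler($users, 'nobody', 'x');
    printf("%-13s known=\"%s\" unknown=\"%s\" distinguishable=%s\n",
        $handler, $known, $unknown, $known === $unknown ? 'no' : 'yes');
}
```

The same comparison, run against a real login endpoint in a test suite, should also cover status code, redirect target and response time, since any of them can carry the difference.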