VulnerableCode Package Details - pkg:composer/mautic/core@5.0.0-alpha

Search for packages

Vulnerability	Summary	Fixed by
VCID-5dp5-sahm-affj Aliases: CVE-2022-25777 GHSA-mgv8-w49f-822w	Mautic: MST-48 Server-Side Request Forgery in Asset section Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.	5.0.4 Affected by 0 other vulnerabilities.
VCID-8h2f-f8zx-wbfn Aliases: CVE-2021-27916 GHSA-9fcx-cv56-w58p	Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.	5.0.4 Affected by 0 other vulnerabilities.
VCID-bdse-4ypf-abe3 Aliases: CVE-2022-25776 GHSA-qjx3-2g35-6hv8	Mautic Sensitive Data Exposure due to inadequate user permission settings Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.	5.0.4 Affected by 0 other vulnerabilities.
VCID-whnz-qj59-vkgz Aliases: CVE-2022-25775 GHSA-jj6w-2cqg-7p94	Mautic SQL Injection in dynamic Reports Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.	5.0.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5dp5-sahm-affj
Aliases:
CVE-2022-25777
GHSA-mgv8-w49f-822w

Mautic: MST-48 Server-Side Request Forgery in Asset section Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

5.0.4
Affected by 0 other vulnerabilities.

VCID-8h2f-f8zx-wbfn
Aliases:
CVE-2021-27916
GHSA-9fcx-cv56-w58p

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

5.0.4
Affected by 0 other vulnerabilities.

VCID-bdse-4ypf-abe3
Aliases:
CVE-2022-25776
GHSA-qjx3-2g35-6hv8

Mautic Sensitive Data Exposure due to inadequate user permission settings Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

5.0.4
Affected by 0 other vulnerabilities.

VCID-whnz-qj59-vkgz
Aliases:
CVE-2022-25775
GHSA-jj6w-2cqg-7p94

Mautic SQL Injection in dynamic Reports Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

5.0.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:47:36.038843+00:00	GitLab Importer	Affected by	VCID-bdse-4ypf-abe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25776.yml	38.6.0
2026-06-02T04:47:35.942779+00:00	GitLab Importer	Affected by	VCID-8h2f-f8zx-wbfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2021-27916.yml	38.6.0
2026-06-02T04:47:35.880269+00:00	GitLab Importer	Affected by	VCID-whnz-qj59-vkgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25775.yml	38.6.0
2026-06-02T04:47:35.688507+00:00	GitLab Importer	Affected by	VCID-5dp5-sahm-affj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25777.yml	38.6.0