VulnerableCode Package Details - pkg:composer/mautic/core@6.0.8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/mautic/core@6.0.8

Essentials
History (3)

purl	pkg:composer/mautic/core@6.0.8

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-7yzg-g3t9-8ubs	Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.	CVE-2026-3105 GHSA-r5j5-q42h-fc93

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T10:53:26.931666+00:00	GithubOSV Importer	Fixing	VCID-7yzg-g3t9-8ubs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-r5j5-q42h-fc93/GHSA-r5j5-q42h-fc93.json	38.6.0
2026-05-31T01:07:56.233951+00:00	GHSA Importer	Fixing	VCID-7yzg-g3t9-8ubs	https://github.com/advisories/GHSA-r5j5-q42h-fc93	38.6.0
2026-05-30T21:07:16.952486+00:00	GitLab Importer	Fixing	VCID-7yzg-g3t9-8ubs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2026-3105.yml	38.6.0