{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2022-25769",
        "ASSIGNER": "security@mautic.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-1284 Improper Validation of Specified Quantity in Input",
                        "cweId": "CWE-1284"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Mautic",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Mautic",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "< 3.3.5"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "< 4.2.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56",
                "refsource": "MISC",
                "name": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"
            },
            {
                "url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic",
                "refsource": "MISC",
                "name": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "advisory": "GHSA-mj6m-246h-9w56",
        "discovery": "UNKNOWN"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Upgrade to 3.3.5 or 4.2.0. <br><br>If you're using Mautic in a sub-folder with Apache <span style=\"background-color: rgb(255, 255, 255);\">(e.g. example.com/mautic)</span>, <span style=\"background-color: rgb(255, 255, 255);\">please review the guidance in </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986\">this GitHub issue</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;before updating, as you will probably need to make some changes to the .htaccess file after you update.</span><br>"
                }
            ],
            "value": "Upgrade to 3.3.5 or 4.2.0. \n\nIf you're using Mautic in a sub-folder with Apache (e.g. example.com/mautic), please review the guidance in  this GitHub issue https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986 \u00a0before updating, as you will probably need to make some changes to the .htaccess file after you update."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Mattias Michaux"
        },
        {
            "lang": "en",
            "value": "Mattias Michaux"
        },
        {
            "lang": "en",
            "value": "John Linhart"
        },
        {
            "lang": "en",
            "value": "Zdeno Kuzmany"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}