Improper regex in htaccess file

Impact

the default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.

This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Patches

Please upgrade to 3.3.5 or 4.2.0

Workarounds

No

References

Release post: https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
Internally tracked under MST-32

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

References

GHSA-mj6m-246h-9w56

RCheesley published to mautic/mautic Feb 28, 2022

Published to the GitHub Advisory Database Mar 1, 2022

Reviewed Mar 1, 2022

Last updated Jan 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

References

For more information

References

Severity

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code

Credits