Home > Vulnerability Database > CVE-2021-27916

Mend.io Vulnerability Database

CVE-2021-27916

Good to know:

Date: September 17, 2024

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

Severity Score

8.1

Related Resources (6)

Url: https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p

Url: https://github.com/mautic/mautic/commit/95e8df3ae6730c725f1848d70e7992da369518f3

Url: https://github.com/mautic/mautic/commit/546045ff9c74dd8b3dac36c4ab3674380262c65a

Url: https://github.com/mautic/mautic

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-27916

Url: https://www.mend.io/vulnerability-database/CVE-2021-27916

Severity Score

8.1

Weakness Type (CWE)

Path Traversal

CWE-22

Relative Path Traversal

CWE-23

Top Fix

Upgrade Version

Upgrade to version 4.4.12,5.0.4

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-27916

Good to know:

Date: September 17, 2024

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?