unauth-mautic-upgrade: Unauthenticated Mautic Upgrade.php Exposure

漏洞描述

PoC代码[已公开]

id: unauth-mautic-upgrade

info:
  name: Unauthenticated Mautic Upgrade.php Exposure
  author: huowuzhao
  severity: high
  description: Upgrade.php page in Mautic is exposed.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Mautic"
  tags: misconfig,unauth,mautic,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/upgrade.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Upgrade Mautic'
          - 'Click here to start upgrade'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100afbe3592b366a4351beb49b3509c0e30227e33932a0258d881bdd06ef6e9ec68022100ee854e980a1958e704cd35fee24ed26e500916d037a08c7d565ad0d420151e27:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
• POC CVE-2023-40211: Post Grid <= 2.2.50 - Information Exposure via REST API
• POC CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
• POC eslint-ignore-exposure: Eslint Ignore File Exposure
• POC metabase-installer-exposure: Metabase Installer - Exposure
• POC jfrog-artifactory-exposure: JFrog Artifactory Artifacts Exposure
• POC unauth-munin: Munin Monitoring Dashboard - Exposure
• POC x-backend-server-header-detect: X-Backend-Server Header - Exposure
• POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
• POC CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
• POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
• POC CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE
• POC CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update