Mautic Path Traversal Vulnerability in Campaign Import Feature Allowing Remote Code Execution

A path traversal vulnerability has been identified in the campaign import feature of Mautic version 7. This vulnerability arises when the application extracts uploaded ZIP files during the import process. A flaw in the validation logic permits file paths to escape the designated temporary directories. As a result, an authenticated user with campaign import privileges can write arbitrary PHP files to sensitive system directories. This exploitation could overwrite critical internal configuration or cache components, leading to remote code execution under the context of the web server user.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, with the executed code running under the web server user.

Remediation

Users can upgrade to Mautic version 7.1.2 to address this vulnerability. For those unable to upgrade, it is recommended to revoke campaign import permissions from non-administrative users.