CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-10189

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2018-10189

Mautic » Mautic » Version: 1.0.0

cpe:2.3:a:mautic:mautic:1.0.0
Mautic » Mautic » Version: 1.0.1

cpe:2.3:a:mautic:mautic:1.0.1
Mautic » Mautic » Version: 1.0.2

cpe:2.3:a:mautic:mautic:1.0.2
Mautic » Mautic » Version: 1.0.3

cpe:2.3:a:mautic:mautic:1.0.3
Mautic » Mautic » Version: 1.0.4

cpe:2.3:a:mautic:mautic:1.0.4
Mautic » Mautic » Version: 1.0.5

cpe:2.3:a:mautic:mautic:1.0.5
Mautic » Mautic » Version: 1.1.0

cpe:2.3:a:mautic:mautic:1.1.0
Mautic » Mautic » Version: 1.1.1

cpe:2.3:a:mautic:mautic:1.1.1
Mautic » Mautic » Version: 1.1.2

cpe:2.3:a:mautic:mautic:1.1.2
Mautic » Mautic » Version: 1.1.3

cpe:2.3:a:mautic:mautic:1.1.3
Mautic » Mautic » Version: 1.2.0

cpe:2.3:a:mautic:mautic:1.2.0
Mautic » Mautic » Version: 1.2.1

cpe:2.3:a:mautic:mautic:1.2.1
Mautic » Mautic » Version: 1.2.2

cpe:2.3:a:mautic:mautic:1.2.2
Mautic » Mautic » Version: 1.2.3

cpe:2.3:a:mautic:mautic:1.2.3
Mautic » Mautic » Version: 1.2.4

cpe:2.3:a:mautic:mautic:1.2.4
Mautic » Mautic » Version: 1.3.0

cpe:2.3:a:mautic:mautic:1.3.0
Mautic » Mautic » Version: 1.3.1

cpe:2.3:a:mautic:mautic:1.3.1
Mautic » Mautic » Version: 1.4.0

cpe:2.3:a:mautic:mautic:1.4.0
Mautic » Mautic » Version: 1.4.1

cpe:2.3:a:mautic:mautic:1.4.1
Mautic » Mautic » Version: 2.0.0

cpe:2.3:a:mautic:mautic:2.0.0
Mautic » Mautic » Version: 2.0.1

cpe:2.3:a:mautic:mautic:2.0.1
Mautic » Mautic » Version: 2.1.0

cpe:2.3:a:mautic:mautic:2.1.0
Mautic » Mautic » Version: 2.1.1

cpe:2.3:a:mautic:mautic:2.1.1
Mautic » Mautic » Version: 2.10.0

cpe:2.3:a:mautic:mautic:2.10.0
Mautic » Mautic » Version: 2.10.1

cpe:2.3:a:mautic:mautic:2.10.1
Mautic » Mautic » Version: 2.11.0

cpe:2.3:a:mautic:mautic:2.11.0
Mautic » Mautic » Version: 2.12.0

cpe:2.3:a:mautic:mautic:2.12.0
Mautic » Mautic » Version: 2.12.1

cpe:2.3:a:mautic:mautic:2.12.1
Mautic » Mautic » Version: 2.12.2

cpe:2.3:a:mautic:mautic:2.12.2
Mautic » Mautic » Version: 2.2.0

cpe:2.3:a:mautic:mautic:2.2.0
Mautic » Mautic » Version: 2.2.1

cpe:2.3:a:mautic:mautic:2.2.1
Mautic » Mautic » Version: 2.3.0

cpe:2.3:a:mautic:mautic:2.3.0
Mautic » Mautic » Version: 2.4.0

cpe:2.3:a:mautic:mautic:2.4.0
Mautic » Mautic » Version: 2.5.0

cpe:2.3:a:mautic:mautic:2.5.0
Mautic » Mautic » Version: 2.5.1

cpe:2.3:a:mautic:mautic:2.5.1
Mautic » Mautic » Version: 2.6.0

cpe:2.3:a:mautic:mautic:2.6.0
Mautic » Mautic » Version: 2.6.1

cpe:2.3:a:mautic:mautic:2.6.1
Mautic » Mautic » Version: 2.7.0

cpe:2.3:a:mautic:mautic:2.7.0
Mautic » Mautic » Version: 2.7.1

cpe:2.3:a:mautic:mautic:2.7.1
Mautic » Mautic » Version: 2.8.0

cpe:2.3:a:mautic:mautic:2.8.0
Mautic » Mautic » Version: 2.8.1

cpe:2.3:a:mautic:mautic:2.8.1
Mautic » Mautic » Version: 2.8.2

cpe:2.3:a:mautic:mautic:2.8.2
Mautic » Mautic » Version: 2.9.0

cpe:2.3:a:mautic:mautic:2.9.0
Mautic » Mautic » Version: 2.9.1

cpe:2.3:a:mautic:mautic:2.9.1
Mautic » Mautic » Version: 2.9.2

cpe:2.3:a:mautic:mautic:2.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-10189

Products

Pricing

Contact Us