CVE-2024-47051: 
PHP vulnerability analysis and mitigation

CVE-2024-47051 affects Mautic versions before 5.2.3, containing two critical security vulnerabilities that could be exploited by authenticated users. The vulnerabilities were disclosed in early 2025 and impact the Mautic marketing automation platform, which is used by over 200,000 organizations (Security Online).

The vulnerability has been assigned a CVSS score of 9.1 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L. The vulnerability consists of two main components: a Remote Code Execution (RCE) vulnerability in the asset upload functionality due to insufficient enforcement of allowed file extensions, and a Path Traversal vulnerability in the upload validation process. These vulnerabilities are tracked under CWE-94 (Code Injection) and CWE-23 (Relative Path Traversal) (NVD).

The vulnerabilities could result in arbitrary code execution through PHP script uploads and unauthorized file deletion on the host system. With over 200,000 organizations using Mautic, the potential impact is significant. An authenticated attacker could exploit these vulnerabilities to gain control over the system and manipulate or delete critical files (Security Online).

The vulnerabilities have been patched in Mautic version 5.2.3. Organizations using affected versions should immediately upgrade to version 5.2.3 or later to protect against these security risks (NVD).