Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images

CVE Details

Basic Information

Title Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images
Type cve
Published 2025-07-09T15:16:37.305Z
Modified 2025-07-09T15:56:59.162Z

Product Information

Vendor mautic
Product Docker Mautic
Version < 6.0.3-20250707-apache

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

  • mautic Docker Mautic < 6.0.3-20250707-apache
  • mautic Docker Mautic < 6.0.3-20250707-fpm

Additional Information

CWE List CWE-497
Source Mautic

Description

Impact: This is an information disclosure vulnerability originating from PHP's base image. The PHP version is exposed through the X-Powered-By header, which attackers could use to fingerprint the server and identify potential weaknesses.

Workarounds: The mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.
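
One way to apply and verify the workaround above, added here as an example and not taken from the advisory or the Mautic project. The function names are hypothetical, the URL in the final comment is a placeholder, and POSIX sh with sed -E is assumed; it also covers the case where the directive is missing or commented out, in which PHP falls back to its built-in default of On.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Print the value PHP would use for expose_php given one ini file.
# The last active line wins; with no active line PHP's built-in default is On.
effective_expose_php() {
    line="$(grep -E '^[[:space:]]*expose_php[[:space:]]*=' "$1" | tail -n 1)" || true
    [ -n "$line" ] || { echo On; return 0; }
    val="$(printf '%s\n' "$line" |
        sed -E 's/^[^=]*=[[:space:]]*"?([^";[:space:]]*).*/\1/' | tr 'A-Z' 'a-z')"
    case "$val" in
        on|yes|true|[1-9]*) echo On ;;
        *) echo Off ;;
    esac
}

# Force expose_php = Off in the given ini file.
harden_expose_php() {
    ini="$1"
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 2; }
    tmp="$(mktemp)" || return 2
    if grep -Eq '^[[:space:]]*expose_php[[:space:]]*=' "$ini"; then
        # Rewrite every active occurrence so a later line cannot turn it back on.
        sed -E 's/^[[:space:]]*expose_php[[:space:]]*=.*/expose_php = Off/' "$ini" > "$tmp"
    else
        # Absent or only commented out: add it at the top of the file.
        { echo 'expose_php = Off'; cat "$ini"; } > "$tmp"
    fi
    cat "$tmp" > "$ini"   # write in place: keeps owner, mode and bind-mount inode
    rm -f "$tmp"
}

# Read raw HTTP response headers on stdin; succeed (and print the header)
# if X-Powered-By still discloses PHP.
leaks_php_version() {
    tr -d '\r' | grep -i '^x-powered-by:.*php'
}

# Usage: sh this_script.sh /usr/local/etc/php/php.ini
if [ "$#" -gt 0 ]; then
    harden_expose_php "$1" && echo "expose_php is now $(effective_expose_php "$1")"
fi
# After restarting PHP, verify from outside (URL is a placeholder):
#   curl -sI http://localhost:8080/ | leaks_php_version && echo "still exposed"
```

The ini change only takes effect once the PHP process (Apache or PHP-FPM in the container) has been restarted, and an edit made inside a running container is lost when the container is recreated unless the file is mounted or baked into the image.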
