


Perceptive Security
SOC/SIEM Consultancy

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an aut…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 09:01:28
Source:
nvd.nist.gov
Web Technologies, Database & Storage
An SQL injection vulnerability has been discovered in Mautic's API contact filtering mechanism. The filter parameters the API accepts are sanitized only at the top level; nested query parameters are not sanitized recursively, so an authenticated API user can place input in a nested parameter that escapes the filtering applied to the outer ones. Because that input reaches the database query, the attacker can inject arbitrary SQL, which could lead to unauthorized reading, modification, or deletion of data. The flaw is confined to the API's contact filtering functionality, and exploitation requires valid API credentials.
Technical details
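The flaw class described above, as an added illustration that is not Mautic's code and is not taken from the advisory: a request filter in the shape Mautic's REST API uses for contact searches (a list of col/expr/val entries, where the andX/orX expressions nest further entries under val) is checked by a validator that only looks at the top level, beside a recursive validator that allowlists column and operator at every depth and bounds the nesting. The validators, the query builder, the table names, the sample rows and the attack payload are all constructed for this example; nothing here reflects the actual vulnerable code path or the fix referenced in GHSA-fcmw-wx57-9p75.

```python
"""Shallow vs recursive validation of a nested API filter (added example).

Hypothetical code, not Mautic's. The filter shape (a list of
{"col", "expr", "val"} entries, where expr "andX"/"orX" nests further
entries under "val") is modelled on the where[] parameter of Mautic's
REST API; everything else here is constructed for illustration.
"""
import sqlite3

ALLOWED_COLS = {"email", "firstname", "lastname", "points"}
OPS = {"eq": "=", "neq": "<>", "gt": ">", "like": "LIKE"}
NESTING = {"andX": " AND ", "orX": " OR "}
MAX_DEPTH = 4


def validate_shallow(filters):
    """Vulnerable validator: allowlists column names of top-level entries
    only. Entries nested under andX/orX are skipped entirely."""
    for f in filters:
        if f["expr"] in NESTING:
            continue  # BUG: never descends into f["val"]
        if f["col"] not in ALLOWED_COLS:
            raise ValueError(f"column not allowed: {f['col']}")


def validate_recursive(filters, depth=0):
    """Hardened validator: allowlists column and operator at every depth
    and bounds the nesting so a deep filter cannot exhaust the stack."""
    if depth > MAX_DEPTH:
        raise ValueError("filter nested too deeply")
    if not isinstance(filters, list):
        raise ValueError("filter must be a list")
    for f in filters:
        if f["expr"] in NESTING:
            validate_recursive(f["val"], depth + 1)
        elif f["expr"] in OPS:
            if f["col"] not in ALLOWED_COLS:
                raise ValueError(f"column not allowed: {f['col']}")
        else:
            raise ValueError(f"operator not allowed: {f['expr']}")


def build_where(filters, joiner=" AND "):
    """Renders the filter to (sql, params). Values are bound with '?', but
    column names are identifiers and cannot be bound, so the validator is
    the only control between f['col'] and the SQL text."""
    parts, params = [], []
    for f in filters:
        if f["expr"] in NESTING:
            sub_sql, sub_params = build_where(f["val"], NESTING[f["expr"]])
            parts.append("(" + sub_sql + ")")
            params.extend(sub_params)
        else:
            parts.append(f"{f['col']} {OPS[f['expr']]} ?")
            params.append(f["val"])
    return joiner.join(parts), params


def query_contacts(validator, filters):
    """Validates, renders and runs the filter against an in-memory SQLite
    database seeded with constructed rows; returns matching e-mails."""
    validator(filters)
    sql, params = build_where(filters)
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE leads (id INTEGER, email TEXT, firstname TEXT, points INTEGER);
        INSERT INTO leads VALUES (1, 'alice@example.test', 'Alice', 10),
                                 (2, 'bob@example.test', 'Bob', 0);
        CREATE TABLE api_keys (id INTEGER, token TEXT);
        INSERT INTO api_keys VALUES (1, 'k7-secret');
    """)
    rows = db.execute(f"SELECT email FROM leads WHERE {sql} ORDER BY id", params)
    return [r[0] for r in rows.fetchall()]


def rejected(validator, filters):
    """True when the validator refuses the filter."""
    try:
        validator(filters)
    except ValueError:
        return True
    return False


# Constructed requests. BENIGN and NESTED_OK are legitimate searches.
BENIGN = [{"col": "firstname", "expr": "eq", "val": "Alice"},
          {"col": "points", "expr": "gt", "val": 5}]
NESTED_OK = [{"expr": "orX", "val": [{"col": "points", "expr": "gt", "val": 5},
                                     {"col": "email", "expr": "like", "val": "bob%"}]}]
# A filter nested six levels deep, which the bounded validator refuses.
DEEP = [{"col": "points", "expr": "gt", "val": 0}]
for _ in range(6):
    DEEP = [{"expr": "andX", "val": DEEP}]


def oracle_filter(guess):
    """Malicious request: the column name sits one level down, where the
    shallow validator never looks. The payload keeps exactly one '?' so
    parameter binding still lines up, and turns the WHERE clause into a
    boolean oracle on a table the contact API should never touch."""
    col = f"(SELECT substr(token,1,1) FROM api_keys WHERE id=1) = '{guess}' OR 0"
    return [{"expr": "orX", "val": [{"col": "points", "expr": "gt", "val": 100},
                                    {"col": col, "expr": "eq", "val": "x"}]}]


def first_token_char_is(validator, guess):
    """True when every contact comes back, i.e. the guessed character was right."""
    return len(query_contacts(validator, oracle_filter(guess))) == 2
```

With the shallow validator the oracle request passes untouched and the attacker learns one character of another table's contents per request; with the recursive validator the same request is refused before any SQL is built. The recursion has to cover every level because identifiers cannot be parameter-bound, and bounding the depth keeps the validator itself from being the next denial-of-service target.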
Mitigation steps:
Affected products:
Mautic
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-4776
https://github.com/mautic/mautic/security/advisories/GHSA-fcmw-wx57-9p75
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
