Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-2574
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
Mantisbt Mantisbt 1.2.2
NA
CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and previous versions allows remote malicious users to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
NA
CVE-2014-1608
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT prior to 1.2.16 allows remote malicious users to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.9
Debian Debian Linux 7.0
NA
CVE-2014-1609
Multiple SQL injection vulnerabilities in MantisBT prior to 1.2.16 allow remote malicious users to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in co...
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
NA
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
NA
CVE-2011-2938
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT prior to 1.2.7 allow remote malicious users to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
1 EDB exploit
NA
CVE-2011-3578
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.8
NA
CVE-2011-3356
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config...
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.1.0
NA
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.1
NA
CVE-2011-3358
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to us...
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »