Vulmon
mantisbt mantisbt 1.2.0 vulnerabilities and exploits
760
VMScore
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
668
VMScore
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.0.0a1
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.0a3
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
668
VMScore
CVE-2014-1609
Multiple SQL injection vulnerabilities in MantisBT prior to 1.2.16 allow remote malicious users to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in co...
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
668
VMScore
CVE-2014-1608
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT prior to 1.2.16 allows remote malicious users to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
Debian Debian Linux 7.0
668
VMScore
CVE-2012-1123
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT prior to 1.2.9 allows remote malicious users to bypass authentication via a null password.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
668
VMScore
CVE-2012-2691
The mc_issue_note_update function in the SOAP API in MantisBT prior to 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
605
VMScore
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.0.5
570
VMScore
CVE-2012-1119
MantisBT prior to 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote malicious users to copy bug reports without detection.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
516
VMScore
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
515
VMScore
CVE-2010-4350
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT prior to 1.2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Li...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.0a1
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.0.0a3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0a2
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
1 EDB exploit