Vulmon
mantisbt mantisbt vulnerabilities and exploits
5.5
CVSSv2
CVE-2009-20001
An issue exists in MantisBT prior to 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as...
Mantisbt Mantisbt
5.5
CVSSv2
CVE-2012-5523
core/email_api.php in MantisBT prior to 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.1
5.5
CVSSv2
CVE-2012-5522
MantisBT prior to 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-statu...
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 0.19.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.7
5.1
CVSSv2
CVE-2010-4350
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT prior to 1.2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Li...
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 1.0.0a2
Mantisbt Mantisbt 1.0.0a3
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.0.0a1
Mantisbt Mantisbt 0.19.5
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.8
1 EDB exploit
5
CVSSv2
CVE-2020-36192
An issue exists in the Source Integration plugin prior to 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on ...
Mantisbt Source Integration
5
CVSSv2
CVE-2020-35849
An issue exists in MantisBT prior to 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged malicious user to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bu...
Mantisbt Mantisbt
5
CVSSv2
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development prior to 2018-02-02 allows remote malicious users to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-9759
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x prior to 1.3.0 allows remote malicious users to obtain sensitive master salt configuration information via a SOAP API request.
Mantisbt Mantisbt 1.3.0
5
CVSSv2
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt