Vulmon
mantisbt mantisbt 1.2.18 vulnerabilities and exploits
CVE-2014-8988 (CVSSv2 score: 4)
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
CVE-2014-8598 (CVSSv2 score: 6.4)
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote malicious users to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execu...
Mantisbt Mantisbt
1 EDB exploit
CVE-2014-7146 (CVSSv2 score: 7.5)
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
CVE-2014-9089 (CVSSv2 score: 7.5)
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT prior to 1.2.18 allow remote malicious users to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
Debian Debian Linux 1.2
Mantisbt Mantisbt
CVE-2013-1811 (CVSSv2 score: 4)
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 6.0
Debian Debian Linux 7.0