Vulmon
mantisbt mantisbt vulnerabilities and exploits
5.5
CVSSv2
CVE-2009-20001
An issue exists in MantisBT prior to 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as...
Mantisbt Mantisbt
5.5
CVSSv2
CVE-2012-5522
MantisBT prior to 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-statu...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.1.5
5.5
CVSSv2
CVE-2012-5523
core/email_api.php in MantisBT prior to 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.1.5
5.1
CVSSv2
CVE-2010-4350
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT prior to 1.2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Li...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.0a1
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.0.0a3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0a2
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.2
1 EDB exploit
5
CVSSv2
CVE-2020-36192
An issue exists in the Source Integration plugin prior to 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on ...
Mantisbt Source Integration
5
CVSSv2
CVE-2020-35849
An issue exists in MantisBT prior to 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged malicious user to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bu...
Mantisbt Mantisbt
5
CVSSv2
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development prior to 2018-02-02 allows remote malicious users to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-9759
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x prior to 1.3.0 allows remote malicious users to obtain sensitive master salt configuration information via a SOAP API request.
Mantisbt Mantisbt 1.3.0
5
CVSSv2
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt