mantisbt mantisbt vulnerabilities and exploits
4
CVSSv2
CVE-2020-25781
An issue exists in file_download.php in MantisBT prior to 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
Mantisbt Mantisbt
4
CVSSv2
CVE-2013-1811
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 6.0
Debian Debian Linux 7.0
4
CVSSv2
CVE-2013-1930
MantisBT 1.2.12 prior to 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.
Mantisbt Mantisbt
Fedoraproject Fedora 17
Fedoraproject Fedora 18
4
CVSSv2
CVE-2018-9839
An issue exists in MantisBT up to and including 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to re...
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt
4
CVSSv2
CVE-2017-12419
If, after successful installation of MantisBT up to and including 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL c...
Mantisbt Mantisbt 2.5.2
4
CVSSv2
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
3.6
CVSSv2
CVE-2012-1120
The SOAP API in MantisBT prior to 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.9
3.6
CVSSv2
CVE-2012-1122
bug_actiongroup.php in MantisBT prior to 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to b...
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 0.19.0a2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
3.6
CVSSv2
CVE-2012-2692
MantisBT prior to 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
3.5
CVSSv2
CVE-2022-33910
An XSS vulnerability in MantisBT prior to 2.25.5 allows remote malicious users to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a ...
Mantisbt Mantisbt
1 Github repository